Trojans keep reappearing

Question

Indy788 0 Newbie Poster

15 Years Ago

Last night somehow a few Trojan Virtumonde's so I ran Malware Bytes and Spybot Search and Destroy which said I got rid of them. I also ran HJT and got rid of them on startup. Then this morning the viruses reappear after not even searching the net. So I reran malware bytes and spybot but I have a feeling they are still on my computer.

These are the files that showed up in malware bytes from both last night and today: dayereho.dll, ohereyad.ini, wonavuho.dd, zudavova.dll, avuvaduz.ini, heyayoli.dll.

Here is what came up in spybot this morning:

Virtumonde: [SBI $4D2BC948] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim

Virtumonde: [SBI $1E12D746] User settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-959407182-1420463571-3290763699-1005\Software\Microsoft\fias4013

Virtumonde.prx: [SBI $3F5CA9DA] Autorun settings (rurafesewi) (Registry value, nothing done)
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rurafesewi

Virtumonde.prx: [SBI $3F5CA9DA] Autorun settings (rurafesewi) (Registry value, nothing done)
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rurafesewi

Virtumonde.prx: [SBI $3F5CA9DA] Autorun settings (rurafesewi) (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rurafesewi

Then here is my HJT log from this morning:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:50:17 AM, on 12/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2080103
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2080103
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: (no name) - {4d08eca2-1f7e-45b6-bf5c-42c073dd9d3b} - C:\WINDOWS\system32\lomosuve.dll
O2 - BHO: (no name) - {6E9DE132-D80C-489B-99BA-7E8C0B30C6CA} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [rurafesewi] Rundll32.exe "C:\WINDOWS\system32\zagotumo.dll",s
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [rurafesewi] Rundll32.exe "C:\WINDOWS\system32\zagotumo.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [rurafesewi] Rundll32.exe "C:\WINDOWS\system32\zagotumo.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1202861459187
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\rukevone.dll c:\windows\system32\wonavuho.dll c:\windows\system32\heyayoli.dll
O20 - Winlogon Notify: cbXNhIAR - cbXNhIAR.dll (file missing)
O20 - Winlogon Notify: gemsafe - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll
O20 - Winlogon Notify: ssqqnli - C:\WINDOWS\
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: NTRU TSS v1.2.1.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
O23 - Service: WaveEnrollmentService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 13664 bytes

windows-virus

3 Contributors
18 Replies
241 Views
4 Days Discussion Span
Latest Post 15 Years Ago Latest Post by yollyP.

All 18 Replies

jholland1964 650 Posting Expert

15 Years Ago

Hi,
First of all turn off that Adaware Services. It can interfere with fixes. Go to Start, Control Panel, Administrative Tools, Services. When that opens look for Ad-Aware 2007 Service (aawservice). Double click. When that opens click the Stop Button to turn it off. Then in the middle there you will see Start up type: in that small window there you will see Automatic. Click the little arrow to bring down the drop down menu and change that type to Disabled.

The spybot log shows this on all entires:
Virtumonde: [SBI $4D2BC948] Settings (Registry key, nothing done)....
Did you TELL it to fix these? You have to tell the program to fix or it won't do anything.
Run it again and have it quarantine what it finds.

I also ran HJT and got rid of them on startup

Doing this doesn't necessarily remove the program, it just removes that particular entry from start up. HJT should not be considered a fix program, it is basically a scanner program. Yes, some fixes are done AFTER clean up of the files is done on the computer, but just removing an item from the HJT log won't fix unless the program the entry is pointing to is gone.
Update MBA-M. Then run a Full System Scan with it. When it is finished then look at the results and Be sure that everything is checked, and click Remove Selected.
Reboot the computer
Run a new HJT scan and save the log. Post back here with all three logs.
Judy

jholland1964 650 Posting Expert

15 Years Ago

Both Spybot and MBA-M did what they were supposed to do, however
This entry still shows in your new HJT log and before we can go further you have to turn this service off:

Adaware Services. It can interfere with fixes. Go to Start, Control Panel, Administrative Tools, Services. When that opens look for Ad-Aware 2007 Service (aawservice). Double click. When that opens click the Stop Button to turn it off. Then in the middle there you will see Start up type: in that small window there you will see Automatic. Click the little arrow to bring down the drop down menu and change that type to Disabled.

This service is really of no use. It can interfere with fixes attempted.
Judy

jholland1964 650 Posting Expert

15 Years Ago

Still some things in that HJT log I don't like the looks of...Do this:

You may want to print this out for reference as you cannot touch the computer until this program is finished and produces a log, except to respond to prompts from the combofix program.

Download ComboFix

Click on the Save button and then when it asks you where to save it, make sure you save it directly to your Windows Desktop.
Once the download is complete you will see the Combofix iconon the desktop.

*Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.
Doubleclick the combofix icon on the desktop to run the program.
Windows will issue a prompt asking whether you wish to run the program, click Run
You will then see a Disclaimer screen asking you to agree to the disclaimer. Press the number 1 key to accept the disclaimer.

Now just sit back and allow the program to run

Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.

When all is complete then please post back here with that log.
Judy

jholland1964 650 Posting Expert

15 Years Ago

Well combofix caught at least one trojan, give me a bit to go through the rest of the log and I will get back with you.
Judy

jholland1964 650 Posting Expert

15 Years Ago

Well as I said combofix removed infected files. Have to mention here, there is a good possibility the infection came into the computer because of these programs,
Frostwire and Azureus which are P2P file sharing programs. There also appears to be a dvd decription program on the computer which removes the encryption from commercially made dvd's so that they can be copied. This is illegal I hope that you know, a violation of copyright laws.
We do not condone or approve of this activity here on this forum.
I can only ask you now to run HiJackThis again, post that log and I will look at it to see if other files need repairing because of this infection and tell you how to do that if possible.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

Indy788 0 Newbie Poster · Answer 1 · 2008-12-06T04:17:58+00:00

Yes I did tell it to fix them, I just posted the log before it actually fixed them. I reran Spybot, MB, and HJT and here are the logs:

spybot:

--- Search result list ---
Hint of the Day: Click the bar at the right of this to see more information! ()

Microsoft.WindowsSecurityCenter.FirewallBypass: [SBI $D80580B5] Settings (Registry value, fixed)
  HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\explorer.exe
Virtumonde: [SBI $4D2BC948] Settings (Registry key, fixed)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim
Virtumonde: [SBI $1E12D746] User settings (Registry key, fixed)
  HKEY_USERS\S-1-5-21-959407182-1420463571-3290763699-1005\Software\Microsoft\fias4013
Virtumonde.prx: [SBI $3F5CA9DA] Autorun settings (rurafesewi) (Registry value, fixed)
  HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rurafesewi
Virtumonde.prx: [SBI $3F5CA9DA]  Program file (File, fixed)
  C:\WINDOWS\system32\dawuyoha.dll
Virtumonde.prx: [SBI $3F5CA9DA] Autorun settings (rurafesewi) (Registry value, fixed)
  HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rurafesewi
Virtumonde.prx: [SBI $3F5CA9DA] Autorun settings (rurafesewi) (Registry value, fixed)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rurafesewi
MediaPlex: Tracking cookie (Internet Explorer: Alexa) (Cookie, fixed)

Right Media: Tracking cookie (Internet Explorer: Alexa) (Cookie, fixed)

MediaPlex: Tracking cookie (Internet Explorer: Alexa) (Cookie, fixed)


--- Spybot - Search & Destroy version: 1.6.0  (build: 20080707) ---
2008-07-07 blindman.exe (1.0.0.8)
2008-07-07 SDFiles.exe (1.6.0.4)
2008-07-07 SDMain.exe (1.0.0.6)
2008-07-07 SDShred.exe (1.0.2.3)
2008-07-07 SDUpdate.exe (1.6.0.8)
2008-07-07 SDWinSec.exe (1.0.0.12)
2008-07-07 SpybotSD.exe (1.6.0.30)
2008-07-07 TeaTimer.exe (1.6.0.20)
2008-12-04 unins000.exe (51.49.0.0)
2008-07-07 Update.exe (1.6.0.7)
2008-07-07 advcheck.dll (1.6.1.12)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2008-07-07 SDHelper.dll (1.6.0.12)
2008-06-19 sqlite3.dll
2008-07-07 Tools.dll (2.1.5.7)
2008-11-04 Includes\Adware.sbi (*)
2008-11-25 Includes\AdwareC.sbi (*)
2008-06-03 Includes\Cookies.sbi (*)
2008-09-02 Includes\Dialer.sbi (*)
2008-09-09 Includes\DialerC.sbi (*)
2008-07-23 Includes\HeavyDuty.sbi (*)
2008-11-18 Includes\Hijackers.sbi (*)
2008-11-18 Includes\HijackersC.sbi (*)
2008-09-09 Includes\Keyloggers.sbi (*)
2008-11-18 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-11-18 Includes\Malware.sbi (*)
2008-12-03 Includes\MalwareC.sbi (*)
2008-11-03 Includes\PUPS.sbi (*)
2008-12-02 Includes\PUPSC.sbi (*)
2007-11-07 Includes\Revision.sbi (*)
2008-06-18 Includes\Security.sbi (*)
2008-12-02 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2008-11-04 Includes\Spyware.sbi (*)
2008-12-02 Includes\SpywareC.sbi (*)
2008-06-03 Includes\Tracks.uti
2008-11-04 Includes\Trojans.sbi (*)
2008-12-02 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
--- System information ---
Windows XP (Build: 2600) Service Pack 3 (5.1.2600)
 / .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB928366)
 / .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
 / MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
 / MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
 / Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB923723)
 / Windows Media Encoder: Security Update for Windows Media Encoder (KB954156)
 / Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399)
 / Windows Media Player 11: Security Update for Windows Media Player 11 (KB936782)
 / Windows Media Player 11: Hotfix for Windows Media Player 11 (KB939683)
 / Windows Media Player 11: Security Update for Windows Media Player 11 (KB954154)
 / Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398)
 / Windows Media Player 9: Security Update for Windows Media Player 9 (KB936782)
 / Windows XP: Security Update for Windows XP (KB923689)
 / Windows XP: Security Update for Windows XP (KB941569)
 / Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
 / Windows XP / SP3: Windows XP Service Pack 3
 / Windows XP / SP4: Security Update for Windows XP (KB938464)
 / Windows XP / SP4: Security Update for Windows XP (KB946648)
 / Windows XP / SP4: Security Update for Windows XP (KB950759)
 / Windows XP / SP4: Security Update for Windows XP (KB950760)
 / Windows XP / SP4: Security Update for Windows XP (KB950762)
 / Windows XP / SP4: Security Update for Windows XP (KB950974)
 / Windows XP / SP4: Security Update for Windows XP (KB951066)
 / Windows XP / SP4: Update for Windows XP (KB951072-v2)
 / Windows XP / SP4: Security Update for Windows XP (KB951376)
 / Windows XP / SP4: Security Update for Windows XP (KB951376-v2)
 / Windows XP / SP4: Security Update for Windows XP (KB951698)
 / Windows XP / SP4: Security Update for Windows XP (KB951748)
 / Windows XP / SP4: Update for Windows XP (KB951978)
 / Windows XP / SP4: Hotfix for Windows XP (KB952287)
 / Windows XP / SP4: Security Update for Windows XP (KB952954)
 / Windows XP / SP4: Security Update for Windows XP (KB953838)
 / Windows XP / SP4: Security Update for Windows XP (KB953839)
 / Windows XP / SP4: Security Update for Windows XP (KB954211)
 / Windows XP / SP4: Security Update for Windows XP (KB954459)
 / Windows XP / SP4: Security Update for Windows XP (KB955069)
 / Windows XP / SP4: Security Update for Windows XP (KB956390)
 / Windows XP / SP4: Security Update for Windows XP (KB956391)
 / Windows XP / SP4: Security Update for Windows XP (KB956803)
 / Windows XP / SP4: Security Update for Windows XP (KB956841)
 / Windows XP / SP4: Security Update for Windows XP (KB957095)
 / Windows XP / SP4: Security Update for Windows XP (KB957097)
 / Windows XP / SP4: Security Update for Windows XP (KB958644)
 / Windows XP OOB / SP10: High Definition Audio Driver Package - KB835221

--- Startup entries list ---
Located: HK_LM:Run, 
command: 
   file: 
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!
Located: HK_LM:Run, Broadcom Wireless Manager UI
command: C:\WINDOWS\system32\WLTRAY.exe
   file: C:\WINDOWS\system32\WLTRAY.exe
   size: 2183168
    MD5: 90F267169C3EC50908A97102026A23DE
Located: HK_LM:Run, DXDllRegExe
command: dxdllreg.exe
   file: dxdllreg.exe
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!
Located: HK_LM:Run, HP Component Manager
command: "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
   file: C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
   size: 241664
    MD5: B75B654EE1DA99876461B24597AE3FF3
Located: HK_LM:Run, HP Software Update
command: "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
   file: C:\Program Files\HP\HP Software Update\HPWuSchd.exe
   size: 49152
    MD5: 4FEA5B94C6A96860620A62E4A19BD07D
Located: HK_LM:Run, ISUSPM Startup
command: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
   file: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
   size: 221184
    MD5: FB9E5C251CF6C37749F296BACB34A69B
Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files\iTunes\iTunesHelper.exe"
   file: C:\Program Files\iTunes\iTunesHelper.exe
   size: 278528
    MD5: 8778072A594E1310C0B7D0A93771E8BD
Located: HK_LM:Run, MskAgentexe
command: C:\Program Files\McAfee\MSK\MskAgent.exe
   file: C:\Program Files\McAfee\MSK\MskAgent.exe
   size: 152144
    MD5: 07C64AC231B1902948149D76EA33D63E
Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
   file: C:\WINDOWS\system32\NvCpl.dll
   size: 8466432
    MD5: B6F5D519E4200A55A5E31806D96D13EF
Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
   file: C:\Program Files\QuickTime\qttask.exe
   size: 155648
    MD5: C74C7963EEC07AF49DCE44D64819B2BF
Located: HK_LM:Run, RoxioDragToDisc
command: "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
   file: C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
   size: 1116920
    MD5: BD57A6AFA05DF87BCAE9BB11FB0C4DDE
Located: HK_LM:Run, rurafesewi
command: Rundll32.exe "C:\WINDOWS\system32\dawuyoha.dll",s
   file: C:\WINDOWS\system32\dawuyoha.dll
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!
Located: HK_LM:Run, SiteAdvisor
command: C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
   file: C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
   size: 36640
    MD5: 7C25BB17B1DEC6939EB510B6A5857809
Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
   file: C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
   size: 144784
    MD5: 6AB4C021FBD36DC6764924C312428D97
Located: HK_LM:Run, SynTPEnh
command: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
   file: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
   size: 1024000
    MD5: 61C23465F195FDF5AE5FE342E1692AC7
Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
   file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
   size: 185896
    MD5: 89D583FC41D48328128A974C25AFAEB7
Located: HK_LM:Run, Windows Defender
command: "C:\Program Files\Windows Defender\MSASCui.exe" -hide
   file: C:\Program Files\Windows Defender\MSASCui.exe
   size: 866584
    MD5: 77C03BF23AE56B0A31AE4D5BB4B3D0AC
Located: HK_LM:RunOnce, Malwarebytes' Anti-Malware
command: C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
   file: C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
   size: 399504
    MD5: 9DF4E7C46A3F8AF5AA202B65E264EF40
Located: HK_LM:RunOnce, SpybotDeletingA4481
command: command /c del "C:\WINDOWS\system32\dawuyoha.dll_old"
   file: command /c del "C:\WINDOWS\system32\dawuyoha.dll_old"
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!
Located: HK_LM:RunOnce, SpybotDeletingC1842
command: cmd /c del "C:\WINDOWS\system32\dawuyoha.dll_old"
   file: cmd /c del "C:\WINDOWS\system32\dawuyoha.dll_old"
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!
Located: HK_CU:Run, DWQueuedReporting
  where: .DEFAULT...
command: "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
   file: C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe
   size: 437160
    MD5: E108B79EEEE444335A9F300E4C756F6A
Located: HK_CU:Run, rurafesewi
  where: S-1-5-19...
command: Rundll32.exe "C:\WINDOWS\system32\dawuyoha.dll",s
   file: C:\WINDOWS\system32\dawuyoha.dll
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!
Located: HK_CU:Run, rurafesewi
  where: S-1-5-20...
command: Rundll32.exe "C:\WINDOWS\system32\dawuyoha.dll",s
   file: C:\WINDOWS\system32\dawuyoha.dll
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!
Located: HK_CU:Run, AIM
  where: S-1-5-21-959407182-1420463571-3290763699-1005...
command: C:\Program Files\AIM\aim.exe -cnetwait.odl
   file: C:\Program Files\AIM\aim.exe
   size: 67112
    MD5: 92BE69A36A9504EDBA2CAB34A32B97B3
Located: HK_CU:Run, ctfmon.exe
  where: S-1-5-21-959407182-1420463571-3290763699-1005...
command: C:\WINDOWS\system32\ctfmon.exe
   file: C:\WINDOWS\system32\ctfmon.exe
   size: 15360
    MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
Located: HK_CU:Run, MsnMsgr
  where: S-1-5-21-959407182-1420463571-3290763699-1005...
command: "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
   file: C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
   size: 5724184
    MD5: A8972A2F9A744DD5EE0BFE429D767F1C
Located: HK_CU:RunOnce, SpybotDeletingB2275
  where: S-1-5-21-959407182-1420463571-3290763699-1005...
command: command /c del "C:\WINDOWS\system32\dawuyoha.dll_old"
   file: command /c del "C:\WINDOWS\system32\dawuyoha.dll_old"
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!
Located: HK_CU:RunOnce, SpybotDeletingD3524
  where: S-1-5-21-959407182-1420463571-3290763699-1005...
command: cmd /c del "C:\WINDOWS\system32\dawuyoha.dll_old"
   file: cmd /c del "C:\WINDOWS\system32\dawuyoha.dll_old"
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!
Located: HK_CU:Run, DWQueuedReporting
  where: S-1-5-18...
command: "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
   file: C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe
   size: 437160
    MD5: E108B79EEEE444335A9F300E4C756F6A
Located: Startup (common), Device Detector 3.lnk
  where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
   file: C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
   size: 114688
    MD5: BACC4A728B73773CDA08D8DD69A785F1
Located: Startup (common), Digital Line Detect.lnk
  where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Digital Line Detect\DLG.exe
   file: C:\Program Files\Digital Line Detect\DLG.exe
   size: 50688
    MD5: F03FFC962E18F36A922E61F96BE09925
Located: Startup (common), HP Digital Imaging Monitor.lnk
  where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
   file: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
   size: 237568
    MD5: DA6B945E561B1D1DA67663BB45B4B868
Located: Startup (common), WinZip Quick Pick.lnk
  where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\WinZip\WZQKPICK.EXE
   file: C:\Program Files\WinZip\WZQKPICK.EXE
   size: 525664
    MD5: CCA767E5B0F09FAC2E907197ACD85CE9
Located: WinLogon, cbXNhIAR
command: cbXNhIAR.dll
   file: cbXNhIAR.dll
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!
Located: WinLogon, crypt32chain
command: crypt32.dll
   file: crypt32.dll
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!
Located: WinLogon, cryptnet
command: cryptnet.dll
   file: cryptnet.dll
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!
Located: WinLogon, cscdll
command: cscdll.dll
   file: cscdll.dll
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!
Located: WinLogon, dimsntfy
command: %SystemRoot%\System32\dimsntfy.dll
   file: %SystemRoot%\System32\dimsntfy.dll
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!
Located: WinLogon, gemsafe
command: C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll
   file: C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll
   size: 73728
    MD5: 2F43A51F240034DD75F1B2EF739ABD22
Located: WinLogon, ScCertProp
command: wlnotify.dll
   file: wlnotify.dll
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!
Located: WinLogon, Schedule
command: wlnotify.dll
   file: wlnotify.dll
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!
Located: WinLogon, sclgntfy
command: sclgntfy.dll
   file: sclgntfy.dll
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!
Located: WinLogon, SensLogn
command: WlNotify.dll
   file: WlNotify.dll
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!
Located: WinLogon, termsrv
command: wlnotify.dll
   file: wlnotify.dll
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!
Located: WinLogon, WgaLogon
command: WgaLogon.dll
   file: WgaLogon.dll
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!
--- Browser helper object list ---
{089FD14D-132B-48FC-8861-0048AE113215} ()
          location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
          BHO name: 
        CLSID name: 
              Path: C:\Program Files\SiteAdvisor\6253\
         Long name:        SiteAdv.dll
        Short name:                   
    Date (created): 1/11/2008 9:06:32 PM
Date (last access): 12/5/2008 4:32:34 PM
 Date (last write): 12/4/2007 3:02:24 PM
          Filesize:             927008
        Attributes:           archive 
               MD5: A1B60A5AC33EDE8FCA1A406F22C2FC41
             CRC32:           9A2C10B7
           Version:         2.6.0.6253
{4d08eca2-1f7e-45b6-bf5c-42c073dd9d3b} ()
          location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
          BHO name: 
        CLSID name: 
              Path: C:\WINDOWS\system32\
         Long name:       biyupufe.dll
        Short name:                   
    Date (created): 9/5/2008 3:33:30 PM
Date (last access): 12/5/2008 4:35:20 PM
 Date (last write): 9/5/2008 3:33:30 PM
          Filesize:              64053
        Attributes: hidden sysfile archive 
               MD5: D8CF0AA9CA36C9B8F9BF619CB126A985
             CRC32:           6A4ADFE1
{6E9DE132-D80C-489B-99BA-7E8C0B30C6CA} ()
          location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
          BHO name: 
        CLSID name: 
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
          location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
          BHO name: 
        CLSID name: SSVHelper Class
              Path: C:\Program Files\Java\jre1.6.0_07\bin\
         Long name:            ssv.dll
        Short name:                   
    Date (created): 12/4/2008 4:51:56 PM
Date (last access): 12/5/2008 3:53:12 PM
 Date (last write): 6/10/2008 4:27:02 AM
          Filesize:             509328
        Attributes:           archive 
               MD5: F921D875A1CBD69A6A462BA2514BC831
             CRC32:           38AC9EE2
           Version:           6.0.70.6
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} (scriptproxy)
          location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
          BHO name: scriptproxy
        CLSID name: scriptproxy
              Path: c:\PROGRA~1\mcafee\VIRUSS~1\
         Long name:       scriptcl.dll
        Short name:                   
    Date (created): 1/10/2008 9:03:26 PM
Date (last access): 12/5/2008 4:45:20 PM
 Date (last write): 1/9/2008 9:09:38 AM
          Filesize:              58688
        Attributes:           archive 
               MD5: D1B5F027C606321823E79D8178930C7C
             CRC32:           B5A93209
           Version:         13.3.2.126
{7E853D72-626A-48EC-A868-BA8D5E23E045} ()
          location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
          BHO name: 
        CLSID name: 
{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
          location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
          BHO name: 
        CLSID name: Windows Live Sign-in Helper
              Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\
         Long name: WindowsLiveLogin.dll
        Short name:       WINDOW~1.DLL
    Date (created): 9/20/2007 10:30:18 AM
Date (last access): 12/5/2008 3:48:40 PM
 Date (last write): 9/20/2007 10:30:18 AM
          Filesize:             328752
        Attributes:           archive 
               MD5: 59CF5BF6684AFCF906CADAD39B4214DE
             CRC32:           C363813C
           Version:        4.200.520.1
--- ActiveX list ---
{33564D57-0000-0010-8000-00AA00389B71} ()
          DPF name: 
        CLSID name: 
         Installer: C:\WINDOWS\Downloaded Program Files\WMV9VCM.inf
          Codebase:  http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class)
          DPF name: 
        CLSID name: McAfee.com Operating System Class
         Installer: C:\WINDOWS\Downloaded Program Files\mcinsctl.inf
          Codebase:  http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab 
              Path: C:\WINDOWS\system32\
         Long name:       mcinsctl.dll
        Short name:                   
    Date (created): 1/10/2008 8:03:44 PM
Date (last access): 12/5/2008 4:45:20 PM
 Date (last write): 9/19/2005 10:13:22 AM
          Filesize:             349760
        Attributes:           archive 
               MD5: F759370267E3E918782CD57B573D8B6E
             CRC32:           D36141A9
           Version:           4.0.0.99
{5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class)
          DPF name: 
        CLSID name: MUCatalogWebControl Class
         Installer: C:\WINDOWS\Downloaded Program Files\MicrosoftUpdateCatalogWebControl.inf
          Codebase:  http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1202861459187 
              Path: C:\WINDOWS\system32\
         Long name: MicrosoftUpdateCatalogWebControl.dll
        Short name:       MICROS~1.DLL
    Date (created): 7/31/2007 2:25:54 AM
Date (last access): 12/5/2008 4:45:20 PM
 Date (last write): 7/31/2007 2:25:54 AM
          Filesize:             142696
        Attributes:           archive 
               MD5: 6F28C6D6022AD49B36ED3A9BA5368805
             CRC32:           91F5EA19
           Version:       7.0.6000.569
{5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class)
          DPF name: 
        CLSID name: Solitaire Showdown Class
         Installer: 
          Codebase:  http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab 
              Path: C:\WINDOWS\Downloaded Program Files\
         Long name: SolitaireShowdown.dll
        Short name:       SOLITA~1.DLL
    Date (created): 2/28/2007 2:21:04 PM
Date (last access): 12/5/2008 4:45:20 PM
 Date (last write): 2/28/2007 2:21:04 PM
          Filesize:             142248
        Attributes:           archive 
               MD5: 93F7304161C8CB7C335F99D9232BD347
             CRC32:           91D38231
           Version:         9.5.6986.1
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
          DPF name: Java Runtime Environment 1.6.0
        CLSID name: Java Plug-in 1.6.0_07
         Installer: 
          Codebase:  http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab 
       description: Sun Java
    classification: Legitimate
    known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
         info link: 
       info source: Patrick M. Kolla
              Path: C:\Program Files\Java\jre1.6.0_07\bin\
         Long name:    npjpi160_07.dll
        Short name:       NPJPI1~1.DLL
    Date (created): 6/10/2008 2:32:34 AM
Date (last access): 12/5/2008 4:35:54 PM
 Date (last write): 6/10/2008 4:27:02 AM
          Filesize:             132496
        Attributes:           archive 
               MD5: 7C83A2809E13950359189767AC9D5DB8
             CRC32:           925C2A88
           Version:           6.0.70.6
{B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer)
          DPF name: 
        CLSID name: MSN Games - Installer
         Installer: 
          Codebase:  http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab 
              Path: C:\WINDOWS\Downloaded Program Files\
         Long name:         ZIntro.ocx
        Short name:                   
    Date (created): 2/19/2007 11:26:28 AM
Date (last access): 12/5/2008 4:45:20 PM
 Date (last write): 2/19/2007 11:26:28 AM
          Filesize:             159128
        Attributes:           archive 
               MD5: E681AC948003CCA59C6C00D3F5EC3D4B
             CRC32:           C8723760
           Version:         9.5.6649.1
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class)
          DPF name: 
        CLSID name: MessengerStatsClient Class
         Installer: 
          Codebase:  http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab 
              Path: C:\WINDOWS\Downloaded Program Files\
         Long name: MessengerStatsPAClient.dll
        Short name:       MESSEN~1.DLL
    Date (created): 2/22/2007 11:41:12 PM
Date (last access): 12/5/2008 4:45:20 PM
 Date (last write): 2/22/2007 11:41:12 PM
          Filesize:             304544
        Attributes:           archive 
               MD5: 8945CCA5FC4F25168E8B6F401EFAF51F
             CRC32:           0F12FD23
           Version:         9.5.6907.1
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
          DPF name: Java Runtime Environment 1.5.0
        CLSID name: Java Plug-in 1.5.0_06
         Installer: 
          Codebase:  http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab 
              Path: C:\Program Files\Java\jre1.5.0_06\bin\
         Long name:    NPJPI150_06.dll
        Short name:       NPJPI1~1.DLL
    Date (created): 3/2/2006 1:52:58 PM
Date (last access): 12/5/2008 4:35:12 PM
 Date (last write): 11/10/2005 1:22:12 PM
          Filesize:              69746
        Attributes:           archive 
               MD5: D2CF6BB5E9020E6707B62575F8083954
             CRC32:           7F39DC54
           Version:           5.0.60.5
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
          DPF name: Java Runtime Environment 1.6.0
        CLSID name: Java Plug-in 1.6.0_07
         Installer: 
          Codebase:  http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab 
              Path: C:\Program Files\Java\jre1.6.0_07\bin\
         Long name:    npjpi160_07.dll
        Short name:       NPJPI1~1.DLL
    Date (created): 6/10/2008 2:32:34 AM
Date (last access): 12/5/2008 4:35:54 PM
 Date (last write): 6/10/2008 4:27:02 AM
          Filesize:             132496
        Attributes:           archive 
               MD5: 7C83A2809E13950359189767AC9D5DB8
             CRC32:           925C2A88
           Version:           6.0.70.6
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
          DPF name: Java Runtime Environment 1.6.0
        CLSID name: Java Plug-in 1.6.0_07
         Installer: 
          Codebase:  http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab 
              Path: C:\Program Files\Java\jre1.6.0_07\bin\
         Long name:    npjpi160_07.dll
        Short name:       NPJPI1~1.DLL
    Date (created): 6/10/2008 2:32:34 AM
Date (last access): 12/5/2008 4:35:54 PM
 Date (last write): 6/10/2008 4:27:02 AM
          Filesize:             132496
        Attributes:           archive 
               MD5: 7C83A2809E13950359189767AC9D5DB8
             CRC32:           925C2A88
           Version:           6.0.70.6
{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
          DPF name: 
        CLSID name: Shockwave Flash Object
         Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
          Codebase:  http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab 
       description: Macromedia Shockwave Flash Player
    classification: Legitimate
    known filename: 
         info link: 
       info source: Patrick M. Kolla
              Path: C:\WINDOWS\system32\Macromed\Flash\
         Long name:        Flash9f.ocx
        Short name:                   
    Date (created): 3/24/2008 8:32:42 PM
Date (last access): 12/5/2008 4:45:22 PM
 Date (last write): 3/24/2008 8:32:42 PM
          Filesize:            2991488
        Attributes:  readonly archive 
               MD5: 48FDF435B8595604E54125B321924510
             CRC32:           12335E29
           Version:          9.0.124.0
--- Process list ---
PID:    0 (   0) [System]
PID:  872 (   4) \SystemRoot\System32\smss.exe
 size: 50688
PID:  952 ( 872) \??\C:\WINDOWS\system32\csrss.exe
 size: 6144
PID:  988 ( 872) \??\C:\WINDOWS\system32\winlogon.exe
 size: 507904
PID: 1040 ( 988) C:\WINDOWS\system32\services.exe
 size: 108544
  MD5: 0E776ED5F7CC9F94299E70461B7B8185
PID: 1052 ( 988) C:\WINDOWS\system32\lsass.exe
 size: 13312
  MD5: BF2466B3E18E970D8A976FB95FC1CA85
PID: 1260 (1040) C:\WINDOWS\system32\svchost.exe
 size: 14336
  MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1332 (1040) C:\WINDOWS\system32\svchost.exe
 size: 14336
  MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1480 (1040) C:\Program Files\Windows Defender\MsMpEng.exe
 size: 13592
  MD5: F45DD1E1365D857DD08BC23563370D0E
PID: 1524 (1040) C:\WINDOWS\System32\svchost.exe
 size: 14336
  MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1684 (1040) C:\WINDOWS\system32\svchost.exe
 size: 14336
  MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1860 (1040) C:\WINDOWS\system32\svchost.exe
 size: 14336
  MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 2000 (1040) C:\WINDOWS\System32\WLTRYSVC.EXE
 size: 24064
  MD5: BCD7DB5C2FD6BFB59416F125DDE077FF
PID: 2024 (2000) C:\WINDOWS\System32\bcmwltry.exe
 size: 1921024
  MD5: DE691DD74FFFD9A39E784000255BF67C
PID: 2032 (1040) C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
 size: 587096
  MD5: 0629361FAC4576BA48AB39F4903DCE9E
PID:  296 (1040) C:\WINDOWS\system32\spoolsv.exe
 size: 57856
  MD5: D8E14A61ACC1D4A6CD0D38AEBAC7FA3B
PID:  392 (1040) C:\WINDOWS\System32\SCardSvr.exe
 size: 95744
  MD5: 86D007E7A654B9A71D1D7D856B104353
PID:  800 ( 740) C:\WINDOWS\Explorer.EXE
 size: 1033728
  MD5: 12896823FB95BFB3DC9B46BCAEDC9923
PID: 1212 ( 800) C:\WINDOWS\system32\WLTRAY.exe
 size: 2183168
  MD5: 90F267169C3EC50908A97102026A23DE
PID: 1288 ( 800) C:\Program Files\McAfee\MSK\MskAgent.exe
 size: 152144
  MD5: 07C64AC231B1902948149D76EA33D63E
PID: 1296 ( 800) C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
 size: 36640
  MD5: 7C25BB17B1DEC6939EB510B6A5857809
PID: 1316 ( 800) C:\Program Files\iTunes\iTunesHelper.exe
 size: 278528
  MD5: 8778072A594E1310C0B7D0A93771E8BD
PID: 1376 ( 800) C:\Program Files\QuickTime\qttask.exe
 size: 155648
  MD5: C74C7963EEC07AF49DCE44D64819B2BF
PID: 1380 ( 800) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 size: 1024000
  MD5: 61C23465F195FDF5AE5FE342E1692AC7
PID: 1404 ( 800) C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
 size: 241664
  MD5: B75B654EE1DA99876461B24597AE3FF3
PID: 1432 ( 800) C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
 size: 1116920
  MD5: BD57A6AFA05DF87BCAE9BB11FB0C4DDE
PID: 1472 ( 800) C:\Program Files\Windows Defender\MSASCui.exe
 size: 866584
  MD5: 77C03BF23AE56B0A31AE4D5BB4B3D0AC
PID: 1608 ( 800) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
 size: 185896
  MD5: 89D583FC41D48328128A974C25AFAEB7
PID: 1624 ( 800) C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
 size: 144784
  MD5: 6AB4C021FBD36DC6764924C312428D97
PID: 1732 ( 800) C:\Program Files\AIM\aim.exe
 size: 67112
  MD5: 92BE69A36A9504EDBA2CAB34A32B97B3
PID: 1748 ( 800) C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
 size: 5724184
  MD5: A8972A2F9A744DD5EE0BFE429D767F1C
PID: 1828 ( 800) C:\WINDOWS\system32\ctfmon.exe
 size: 15360
  MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
PID: 1948 ( 800) C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
 size: 114688
  MD5: BACC4A728B73773CDA08D8DD69A785F1
PID: 1192 ( 800) C:\Program Files\Digital Line Detect\DLG.exe
 size: 50688
  MD5: F03FFC962E18F36A922E61F96BE09925
PID:  540 ( 800) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
 size: 237568
  MD5: DA6B945E561B1D1DA67663BB45B4B868
PID:  592 (1040) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
 size: 30312
  MD5: 6163664C7E9CD110AF70180C126C3FDC
PID:  948 ( 800) C:\Program Files\WinZip\WZQKPICK.EXE
 size: 525664
  MD5: CCA767E5B0F09FAC2E907197ACD85CE9
PID: 1920 (1040) C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
 size: 540776
  MD5: 38BCCF016B694A745E1CDBC0B080A59C
PID: 2288 (1040) C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
 size: 767976
  MD5: CB3A8976DE2F65349322DA7627CEA223
PID: 2408 (1040) c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
 size: 2458128
  MD5: C69E71E00B30B60556D3E096699BD423
PID: 2484 (1040) C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
 size: 362064
  MD5: D984FAF698966AA360C1702EF623C3F9
PID: 2536 (1040) c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
 size: 353368
  MD5: 7BC413411A8A0E58ECB6868FFC2180D9
PID: 2600 (1040) c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
 size: 256096
  MD5: DAF486036F2F6EE9DBA390D3CF2E5C29
PID: 2624 (1040) C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
 size: 144960
  MD5: 6611420C3CC970126C86ADCDC376AE39
PID: 2684 (1040) C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
 size: 643664
  MD5: 9770A8706BBA3C4CBEA998D2A6BF2D08
PID: 2788 (1040) C:\Program Files\McAfee\MPF\MPFSrv.exe
 size: 841256
  MD5: 1CAD000C45ED402F9C61F90CF8D208C2
PID: 2868 (1040) C:\PROGRA~1\McAfee\MPS\mps.exe
 size: 906792
  MD5: A59C48001BF02AD6306019D1C4F58050
PID: 3012 (1040) C:\Program Files\McAfee\MSK\MskSrver.exe
 size: 29264
  MD5: 10BE560BB16F1A926246C7EAB94A47FF
PID: 3112 (1040) C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
 size: 475136
  MD5: 1D48375CADA961D1E0D73653E0CA7DFA
PID: 3280 (1040) C:\WINDOWS\system32\nvsvc32.exe
 size: 155717
  MD5: A9A999066E3F318172360A6AEAB2A165
PID: 3456 (1040) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
 size: 89968
  MD5: 54902536AAD0E9B99BC65F89C0CAF93F
PID: 3704 (1260) C:\Program Files\McAfee.com\Agent\mcagent.exe
 size: 582992
  MD5: 9405B452064BFA6A0F78E2F177A988A4
PID: 3716 (1040) C:\WINDOWS\system32\svchost.exe
 size: 14336
  MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 3800 (1260) C:\Program Files\McAfee\MPS\mpsevh.exe
 size: 304680
  MD5: 6510D5303CC0D1CF1908B8BD21063420
PID: 3856 (1040) C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
 size: 1552384
  MD5: 23B506262493F1A521683EE88C5FBF60
PID: 3960 (1040) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
 size: 737280
  MD5: A27D803B21F24A5CFB775944EA4CB130
PID:  764 (1040) C:\WINDOWS\system32\dllhost.exe
 size: 5120
  MD5: 0A9BA6AF531AFE7FA5E4FB973852D863
PID: 3320 ( 800) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
 size: 4891472
  MD5: 3B1B5D09D3C9C4CD39D4DB06ED7A0855
PID: 3412 (1040) C:\Program Files\iPod\bin\iPodService.exe
 size: 323584
  MD5: 962BC769D1008D83F6A00B9DE887EEF4
PID: 2960 (1260) C:\WINDOWS\system32\wbem\wmiprvse.exe
 size: 218112
  MD5: 0FFAE66E6D5B1C87CBD22D1F3B6079FD
PID: 4104 (1260) C:\WINDOWS\system32\wbem\wmiprvse.exe
 size: 218112
  MD5: 0FFAE66E6D5B1C87CBD22D1F3B6079FD
PID: 4500 (1040) C:\WINDOWS\system32\dllhost.exe
 size: 5120
  MD5: 0A9BA6AF531AFE7FA5E4FB973852D863
PID: 4768 (1040) C:\WINDOWS\System32\alg.exe
 size: 44544
  MD5: 8C515081584A38AA007909CD02020B3D
PID: 5276 (1040) C:\Program Files\Windows Live\Messenger\usnsvc.exe
 size: 98328
  MD5: 9D19B042A4FD5C02195071EA2FE0C821
PID: 5084 ( 800) C:\Program Files\Mozilla Firefox\firefox.exe
 size: 7676528
  MD5: D0269B291E8FBB3E16DE398DA57B6C73
PID: 3252 (1260) c:\PROGRA~1\mcafee\msc\mcuimgr.exe
 size: 265040
  MD5: 02800372FA7F33E4042DA92D362D6573
PID: 5228 ( 800) C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
 size: 1265296
  MD5: 56E3536902563372047C68B3EB3CA6A5
PID: 5704 ( 800) C:\WINDOWS\system32\notepad.exe
 size: 69120
  MD5: 5E28284F9B5F9097640D58A73D38AD4C
PID:    4 (   0) System

--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 12/5/2008 4:46:07 PM
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
  C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
   http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch 
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
   http://www.google.com/ 
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
   www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2080103 
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
  %SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
   http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch 
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
   http://www.dell.com 
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
   http://www.dell.com 
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
   http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch 
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
  http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
  http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

--- Winsock Layered Service Provider list ---

--- Uninstall list ---
A-one DVD Ripper 6.28  (A-one DVD Ripper_is1)
    install date: 20080111
install location: C:\Program Files\A-one DVD Ripper\
   uninstall cmd: "C:\Program Files\A-one DVD Ripper\unins000.exe"
       publisher: A-one Global Creativity
       help link:  http://www.yaomingsoft.com/
  (AddressBook)
Adobe Acrobat 8.1.2 Standard 8.1.2 (Adobe Acrobat  8 Standard)
 version (major): 8
    install date: 1/3/2008
install location: C:\Program Files\Adobe\Acrobat 8.0\
  install source: d:\
   uninstall cmd: msiexec /I {AC76BA86-1033-0000-BA7E-000000000003}
       publisher: Adobe Systems
         contact: Customer Support
       help link:  http://www.adobe.com/support/main.html 
  help telephone:    
          readme: [INSTALLDIR]Readme.htm
Adobe Flash Player ActiveX 9.0.124.0 (Adobe Flash Player ActiveX)
   uninstall cmd: C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
       publisher: Adobe Systems Incorporated
       help link:  http://www.adobe.com/go/flashplayer_support/
Adobe Shockwave Player 11 (Adobe Shockwave Player)
 version (major): 11
install location: C:\WINDOWS\system32\Adobe\
   uninstall cmd: C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
       publisher: Adobe Systems, Inc.
       help link:  http://www.adobe.com/support/shockwave
AOL Instant Messenger  (AOL Instant Messenger)
   uninstall cmd: C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Audacity 1.2.6  (Audacity_is1)
install location: C:\Program Files\Audacity\
   uninstall cmd: "C:\Program Files\Audacity\unins000.exe"
       help link:  http://audacity.sourceforge.net
Azureus Vuze  (Azureus Vuze)
   uninstall cmd: C:\Program Files\Azureus\uninstall.exe
       publisher: Azureus, Inc.
Microsoft Office Basic 2007 12.0.6215.1000 (BASICR)
install location: C:\Program Files\Microsoft Office
   uninstall cmd: "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall BASICR /dll OSETUP.DLL
       publisher: Microsoft Corporation
Bink and Smacker  (Bink and Smacker)
   uninstall cmd: C:\PROGRA~1\RADVideo\UNWISE.EXE C:\PROGRA~1\RADVideo\INSTALL.LOG
  (Branding)
Dell Wireless WLAN Card 4.170.25.12 (Broadcom 802.11b Network Adapter)
   uninstall cmd: "C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
       publisher: Dell Inc.
Business Contact Manager for Outlook 2007 SP1 3.0.7311.0 (Business Contact Manager)
install location: C:\Program Files\Microsoft Small Business\
   uninstall cmd: "C:\Program Files\Microsoft Small Business\Business Contact Manager\SetupBootstrap\Setup.exe" /remove {B32C4059-6E7A-41EF-AD20-56DF1872B923}
       publisher: Microsoft Corporation
       help link:  http://support.microsoft.com/
Conexant HDA D330 MDC V.92 Modem  (CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F)
   uninstall cmd: C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\HXFSETUP.EXE -U -Idel000f5.inf
  (Connection Manager)
  (DirectAnimation)
  (DirectDrawEx)
DVD Decrypter (Remove Only)  (DVD Decrypter)
   uninstall cmd: "C:\Program Files\DVD Decrypter\uninstall.exe"
  (DXM_Runtime)
eMule  (eMule)
   uninstall cmd: "C:\Program Files\eMule\Uninstall.exe"
  (Fontcore)
HijackThis 2.0.2 2.0.2 (HijackThis)
   uninstall cmd: "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
       publisher: TrendMicro
HP Image Zone 3.5 3.5 (HP Photo & Imaging)
   uninstall cmd: C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
       publisher: HP
       help link:  http://www.hp.com/support
OCR Software by I.R.I.S 7.0 7.0 (HPOCR)
   uninstall cmd: C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
       publisher: HP
       help link:  http://www.hp.com/support
  (ICW)
  (IE40)
  (IE4Data)
  (IE5BAKEX)
  (IEData)
  (InstallShield Uninstall Information)
Wave Support Software 05.07.00.026 (InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE})
         version: 84344832
 version (major): 5
 version (minor): 7
  estimated size: 4799
    install date: 20080103
install location: C:\Program Files\Wave Systems Corp\
  install source: C:\Program Files\Dell\EMBASSY Trust Suite by Wave Systems\Embassy Trust Suite\Wave Support Software\
   uninstall cmd: C:\Program Files\InstallShield Installation Information\{07D618CD-B016-438A-ADC9-A75BD23F85CE}\setup.exe -runfromtemp -l0x0409
       publisher: Wave Systems Corp
Private Information Manager 06.01.00.023 (InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809})
         version: 100728832
 version (major): 6
 version (minor): 1
  estimated size: 1992
    install date: 20080103
install location: C:\Program Files\Wave Systems Corp\
  install source: C:\Program Files\Dell\EMBASSY Trust Suite by Wave Systems\Embassy Trust Suite\Private Information Manager\
   uninstall cmd: C:\Program Files\InstallShield Installation Information\{0B0A2153-58A6-4244-B458-25EDF5FCD809}\setup.exe -runfromtemp -l0x0409
       publisher: Your Company Name
iPod for Windows 2006-03-23 4.7.0 (InstallShield_{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB})
         version: 67567616
 version (major): 4
 version (minor): 7
  estimated size: 52444
    install date: 20080110
install location: C:\Program Files\iPod\
  install source: C:\WINDOWS\Downloaded Installations\{D8C87B8A-0477-408A-AAE0-9FB4BEA3BF97}\
   uninstall cmd: C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB} /l1033 
       publisher: Apple Computer, Inc.
         contact: AppleCare
       help link:  http://www.info.apple.com 
          readme:  http://www.info.apple.com/support/downloads.html
Document Manager Lite 06.06.00.066 (InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2})
         version: 101056512
 version (major): 6
 version (minor): 6
  estimated size: 2869
    install date: 20080103
install location: C:\Program Files\Wave Systems Corp\
  install source: C:\Program Files\Dell\EMBASSY Trust Suite by Wave Systems\Embassy Trust Suite\Document Manager Lite\
   uninstall cmd: C:\Program Files\InstallShield Installation Information\{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}\setup.exe -runfromtemp -l0x0409
       publisher: Your Company Name
EMBASSY Security Setup 03.06.00.027 (InstallShield_{53333479-6A52-4816-8497-5C52B67ED339})
         version: 50724864
 version (major): 3
 version (minor): 6
  estimated size: 11574
    install date: 20080103
install location: C:\Program Files\Wave Systems Corp\
  install source: C:\Program Files\Dell\EMBASSY Trust Suite by Wave Systems\Embassy Trust Suite\EMBASSY Security Setup\
   uninstall cmd: C:\Program Files\InstallShield Installation Information\{53333479-6A52-4816-8497-5C52B67ED339}\setup.exe -runfromtemp -l0x0409
       publisher: Wave Systems Corp
iTunes 6.0.4.2 (InstallShield_{59C4F14F-7590-45FC-BE9F-A67AB3590709})
         version: 100663300
 version (major): 6
  estimated size: 34694
    install date: 20080110
install location: C:\Program Files\iTunes\
  install source: C:\WINDOWS\Downloaded Installations\{59C4F14F-7590-45FC-BE9F-A67AB3590709}\
   uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{59C4F14F-7590-45FC-BE9F-A67AB3590709} /l1033 
       publisher: Apple Computer, Inc.
         contact: AppleCare Support
       help link:  http://www.info.apple.com/ 
  help telephone: 1-800-275-2273
QuickTime 7.0.4 (InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4})
         version: 117440516
 version (major): 7
  estimated size: 66739
    install date: 20080110
install location: C:\Program Files\QuickTime\
  install source: C:\DOCUME~1\Alexa\LOCALS~1\Temp\_is7B\
   uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{929408E6-D265-4174-805F-81D1D914E2A4} /l1033 
       publisher: Apple Computer, Inc.
         contact: AppleCare Support
       help link:  http://www.info.apple.com/ 
  help telephone: 1-800-275-2273
Secure Update 05.04.00.010 (InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50})
         version: 84148224
 version (major): 5
 version (minor): 4
  estimated size: 189
    install date: 20080103
install location: C:\Program Files\Wave Systems Corp\
  install source: C:\Program Files\Dell\EMBASSY Trust Suite by Wave Systems\Embassy Trust Suite\Secure Update\
   uninstall cmd: C:\Program Files\InstallShield Installation Information\{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}\setup.exe -runfromtemp -l0x0409
       publisher: Your Company Name
ESC Home Page Plugin 03.01.00.018 (InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398})
         version: 50397184
 version (major): 3
 version (minor): 1
  estimated size: 1004
    install date: 20080103
install location: C:\Program Files\Wave Systems Corp\
  install source: C:\Program Files\Dell\EMBASSY Trust Suite by Wave Systems\Embassy Trust Suite\ESC Home Page Plugin\
   uninstall cmd: C:\Program Files\InstallShield Installation Information\{E738A392-F690-4A9D-808E-7BAF80E0B398}\setup.exe -runfromtemp -l0x0409
       publisher: Wave Systems Corp
Security Wizards 01.04.00.014 (InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4})
         version: 17039360
 version (major): 1
 version (minor): 4
  estimated size: 1428
    install date: 20080103
install location: C:\Program Files\Wave Systems Corp\
  install source: C:\Program Files\Dell\EMBASSY Trust Suite by Wave Systems\Embassy Trust Suite\Security Wizards\
   uninstall cmd: C:\Program Files\InstallShield Installation Information\{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}\setup.exe -runfromtemp -l0x0409
       publisher: Your Company Name
EMBASSY Security Center 03.06.00.031 (InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88})
         version: 50724864
 version (major): 3
 version (minor): 6
  estimated size: 13233
    install date: 20080103
install location: C:\Program Files\Wave Systems Corp\
  install source: C:\Program Files\Dell\EMBASSY Trust Suite by Wave Systems\Embassy Trust Suite\EMBASSY Security Center\
   uninstall cmd: C:\Program Files\InstallShield Installation Information\{EEAFE1E5-076B-430A-96D9-B567792AFA88}\setup.exe -runfromtemp -l0x0409
       publisher: Wave Systems Corp
High Definition Audio Driver Package - KB835221 20040219.000000 (KB835221WXP)
   uninstall cmd: C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
       publisher: Microsoft Corporation
       help link:  http://support.microsoft.com?kbid=KB835221
  (KB884267)
  (KB885353)
  (KB886612)
  (KB887078)
  (KB887626)
  (KB888656)
  (KB889858)
  (KB891122)
  (KB892313)
  (KB893240)
  (KB893241)
Windows Installer 3.1 (KB893803)  (KB893803v2)
       publisher: Microsoft Corporation
       help link:  http://go.microsoft.com/fwlink/?LinkId=42467
  (KB895181)
  (KB895316)
  (KB895572)
  (KB897586)
  (KB898549)
  (KB900399)
  (KB902344)
  (KB907658)
Security Update for Windows Media Player (KB911564)  (KB911564)
    install date: 20080103
       publisher: Microsoft Corporation
       help link:  http://support.microsoft.com/?kbid=911564
  (KB911565)
  (KB911854)
Security Update for Windows XP (KB923689)  (KB923689)
    install date: 20080103
       publisher: Microsoft Corporation
       help link:  http://support.microsoft.com?kbid=923689
Security Update for Step By Step Interactive Training (KB923723) 20050502.101010 (KB923723)
    install date: 20080111
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link:  http://support.microsoft.com/kb/923723
Security Update for Windows Media Player 6.4 (KB925398)  (KB925398_WMP64)
    install date: 20080103
       publisher: Microsoft Corporation
       help link:  http://support.microsoft.com/?kbid=925398
Hotfix for Windows Media Format 11 SDK (KB929399)  (KB929399)
    install date: 20080121
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link:  http://support.microsoft.com/?kbid=929399
Security Update for CAPICOM (KB931906) 2.1.0.2 (KB931906)
   uninstall cmd: MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
       publisher: Microsoft Corporation
       help link:  http://support.microsoft.com?kbid=931906
Security Update for Windows Media Player 11 (KB936782)  (KB936782_WMP11)
    install date: 20080121
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link:  http://support.microsoft.com/?kbid=936782
Security Update for Windows Media Player 9 (KB936782)  (KB936782_WMP9)
    install date: 20080103
       publisher: Microsoft Corporation
       help link:  http://support.microsoft.com/?kbid=936782
Security Update for Windows XP (KB938464) 1 (KB938464)
    install date: 20081026
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link:  http://support.microsoft.com?kbid=938464
Hotfix for Windows Media Player 11 (KB939683)  (KB939683)
    install date: 20080121
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link:  http://support.microsoft.com/?kbid=939683
Security Update for Windows XP (KB941569)  (KB941569)
    install date: 20080111
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link:  http://support.microsoft.com?kbid=941569
Security Update for Windows XP (KB946648) 1 (KB946648)
    install date: 20081026
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link:  http://support.microsoft.com?kbid=946648
GDR 3068 for SQL Server Database Services 2005 ENU (KB948109) 9.2.3068 (KB948109_SQL9)
    install date: 20081010
   uninstall cmd: C:\WINDOWS\SQL9_KB948109_ENU\Hotfix.exe /Uninstall
       publisher: Microsoft Corporation
       help link:  http://support.microsoft.com/?kbid=948109
GDR 3068 for SQL Server Tools and Workstation Components 2005 ENU (KB948109) 9.2.3068 (KB948109_SQLTools9)
    install date: 20081010
   uninstall cmd: C:\WINDOWS\SQLTools9_KB948109_ENU\Hotfix.exe /Uninstall
       publisher: Microsoft Corporation
       help link:  http://support.microsoft.com/?kbid=948109
Security Update for Windows XP (KB950759) 1 (KB950759)
    install date: 20081026
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link:  http://support.microsoft.com?kbid=950759
Security Update for Windows XP (KB950760) 1 (KB950760)
    install date: 20080611
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link:  http://support.microsoft.com?kbid=950760
Security Update for Windows XP (KB950762) 1 (KB950762)
    install date: 20081026
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link:  http://support.microsoft.com?kbid=950762
Security Update for Windows XP (KB950974) 1 (KB950974)
    install date: 20081026
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link:  http://support.microsoft.com?kbid=950974
Security Update for Windows XP (KB951066) 1 (KB951066)
    install date: 20081026
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link:  http://support.microsoft.com?kbid=951066
Update for Windows XP (KB951072-v2) 2 (KB951072-v2)
    install date: 20080816
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link:  http://support.microsoft.com?kbid=951072
Security Update for Windows XP (KB951376) 1 (KB951376)
    install date: 20081026
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link:  http://support.microsoft.com?kbid=951376
Security Update for Windows XP (KB951376-v2) 2 (KB951376-v2)
    install date: 20081026
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link:  http://support.microsoft.com?kbid=951376
Security Update for Windows XP (KB951698) 1 (KB951698)
    install date: 20081026
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link:  http://support.microsoft.com?kbid=951698
Security Update for Windows XP (KB951748) 1 (KB951748)
    install date: 20081026
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link:  http://support.microsoft.com?kbid=951748
Update for Windows XP (KB951978) 1 (KB951978)
    install date: 20081113
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link:  http://support.microsoft.com?kbid=951978
Hotfix for Windows XP (KB952287) 1 (KB952287)
    install date: 20081026
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link:  http://support.microsoft.com?kbid=952287
Security Update for Windows XP (KB952954) 1 (KB952954)
    install date: 20081026
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link:  http://support.microsoft.com?kbid=952954
Security Update for Windows XP (KB953838) 1 (KB953838)
    install date: 20081026
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link:  http://support.microsoft.com?kbid=953838
Security Update for Windows XP (KB953839) 1 (KB953839)
    install date: 20080815
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link:  http://support.microsoft.com?kbid=953839
Security Update for Windows Media Player 11 (KB954154)  (KB954154_WM11)
    install date: 20080910
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link:  http://support.microsoft.com/?kbid=954154
Security Update for Windows Media Encoder (KB954156)  (KB954156_WM9L)
    install date: 20080910
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link:  http://support.microsoft.com/?kbid=954156
Security Update for Windows XP (KB954211) 1 (KB954211)
    install date: 20081026
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link:  http://support.microsoft.com?kbid=954211
Security Update for Windows XP (KB954459) 1 (KB954459)
    install date: 20081113
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link:  http://support.microsoft.com?kbid=954459
Security Update for Windows XP (KB955069) 1 (KB955069)
    install date: 20081113
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link:  http://support.microsoft.com?kbid=955069
Security Update for Windows XP (KB956390) 1 (KB956390)
    install date: 20081026
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link:  http://support.microsoft.com?kbid=956390
Security Update for Windows XP (KB956391) 1 (KB956391)
    install date: 20081015
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link:  http://support.microsoft.com?kbid=956391
Security Update for Windows XP (KB956803) 1 (KB956803)
    install date: 20081026
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link:  http://support.microsoft.com?kbid=956803
Security Update for Windows XP (KB956841) 1 (KB956841)
    install date: 20081026
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link:  http://support.microsoft.com?kbid=956841
Security Update for Windows XP (KB957095) 1 (KB957095)
    install date: 20081026
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link:  http://support.microsoft.com?kbid=957095
Security Update for Windows XP (KB957097) 1 (KB957097)
    install date: 20081113
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link:  http://support.microsoft.com?kbid=957097
Security Update for Windows XP (KB958644) 1 (KB958644)
    install date: 20081026
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link:

Indy788 0 Newbie Poster · Answer 2 · 2008-12-06T04:18:44+00:00

Mbam:

Malwarebytes' Anti-Malware 1.31
Database version: 1456
Windows 5.1.2600 Service Pack 3

12/5/2008 5:07:10 PM
mbam-log-2008-12-05 (17-07-10).txt

Scan type: Full Scan (C:\|)
Objects scanned: 127099
Time elapsed: 1 hour(s), 0 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 4
Registry Values Infected: 6
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\biyupufe.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\dawuyoha.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\muwiropu.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4d08eca2-1f7e-45b6-bf5c-42c073dd9d3b} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4d08eca2-1f7e-45b6-bf5c-42c073dd9d3b} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4d08eca2-1f7e-45b6-bf5c-42c073dd9d3b} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rurafesewi (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletingb2275 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletingd3524 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletinga4481 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletingc1842 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\muwiropu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\muwiropu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\muwiropu.dll -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\dawuyoha.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\biyupufe.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\muwiropu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP442\A0044194.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP443\A0044329.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP449\A0044804.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP449\A0044880.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dawuyoha.dll_old (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\lusozawu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:14:37 PM, on 12/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\WINDOWS\system32\dllhost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2080103
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2080103
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: (no name) - {6E9DE132-D80C-489B-99BA-7E8C0B30C6CA} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [rurafesewi] Rundll32.exe "C:\WINDOWS\system32\dawuyoha.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [rurafesewi] Rundll32.exe "C:\WINDOWS\system32\dawuyoha.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1202861459187
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - AppInit_DLLs: c:\windows\system32\wonavuho.dll c:\windows\system32\heyayoli.dll c:\windows\system32\rasivogi.dll
O20 - Winlogon Notify: cbXNhIAR - cbXNhIAR.dll (file missing)
O20 - Winlogon Notify: gemsafe - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll
O20 - Winlogon Notify: ssqqnli - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: NTRU TSS v1.2.1.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
O23 - Service: WaveEnrollmentService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 13245 bytes

Indy788 0 Newbie Poster · Answer 3 · 2008-12-06T05:23:16+00:00

Sorry, I saw that after I posted all my logs. I took it off and reran spybot and mbam:

Malwarebytes' Anti-Malware 1.31
Database version: 1456
Windows 5.1.2600 Service Pack 3

12/5/2008 6:20:53 PM
mbam-log-2008-12-05 (18-20-53).txt

Scan type: Full Scan (C:\|)
Objects scanned: 126731
Time elapsed: 57 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

spybot:

Malwarebytes' Anti-Malware 1.31
Database version: 1456
Windows 5.1.2600 Service Pack 3

12/5/2008 6:20:53 PM
mbam-log-2008-12-05 (18-20-53).txt

Scan type: Full Scan (C:\|)
Objects scanned: 126731
Time elapsed: 57 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Indy788 0 Newbie Poster · Answer 4 · 2008-12-06T05:24:17+00:00

sorry I accidentally posted my mbam report twice. Here's spybot:

--- Search result list ---
Hint of the Day: Click the bar at the right of this to see more information! ()


Congratulations!: No immediate threats were found. ()



--- Spybot - Search & Destroy version: 1.6.0  (build: 20080707) ---

2008-07-07 blindman.exe (1.0.0.8)
2008-07-07 SDFiles.exe (1.6.0.4)
2008-07-07 SDMain.exe (1.0.0.6)
2008-07-07 SDShred.exe (1.0.2.3)
2008-07-07 SDUpdate.exe (1.6.0.8)
2008-07-07 SDWinSec.exe (1.0.0.12)
2008-07-07 SpybotSD.exe (1.6.0.30)
2008-07-07 TeaTimer.exe (1.6.0.20)
2008-12-04 unins000.exe (51.49.0.0)
2008-07-07 Update.exe (1.6.0.7)
2008-07-07 advcheck.dll (1.6.1.12)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2008-07-07 SDHelper.dll (1.6.0.12)
2008-06-19 sqlite3.dll
2008-07-07 Tools.dll (2.1.5.7)
2008-11-04 Includes\Adware.sbi (*)
2008-11-25 Includes\AdwareC.sbi (*)
2008-06-03 Includes\Cookies.sbi (*)
2008-09-02 Includes\Dialer.sbi (*)
2008-09-09 Includes\DialerC.sbi (*)
2008-07-23 Includes\HeavyDuty.sbi (*)
2008-11-18 Includes\Hijackers.sbi (*)
2008-11-18 Includes\HijackersC.sbi (*)
2008-09-09 Includes\Keyloggers.sbi (*)
2008-11-18 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-11-18 Includes\Malware.sbi (*)
2008-12-03 Includes\MalwareC.sbi (*)
2008-11-03 Includes\PUPS.sbi (*)
2008-12-02 Includes\PUPSC.sbi (*)
2007-11-07 Includes\Revision.sbi (*)
2008-06-18 Includes\Security.sbi (*)
2008-12-02 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2008-11-04 Includes\Spyware.sbi (*)
2008-12-02 Includes\SpywareC.sbi (*)
2008-06-03 Includes\Tracks.uti
2008-11-04 Includes\Trojans.sbi (*)
2008-12-02 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Windows XP (Build: 2600) Service Pack 3 (5.1.2600)
 / .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB928366)
 / .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
 / MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
 / MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
 / Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB923723)
 / Windows Media Encoder: Security Update for Windows Media Encoder (KB954156)
 / Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399)
 / Windows Media Player 11: Security Update for Windows Media Player 11 (KB936782)
 / Windows Media Player 11: Hotfix for Windows Media Player 11 (KB939683)
 / Windows Media Player 11: Security Update for Windows Media Player 11 (KB954154)
 / Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398)
 / Windows Media Player 9: Security Update for Windows Media Player 9 (KB936782)
 / Windows XP: Security Update for Windows XP (KB923689)
 / Windows XP: Security Update for Windows XP (KB941569)
 / Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
 / Windows XP / SP3: Windows XP Service Pack 3
 / Windows XP / SP4: Security Update for Windows XP (KB938464)
 / Windows XP / SP4: Security Update for Windows XP (KB946648)
 / Windows XP / SP4: Security Update for Windows XP (KB950759)
 / Windows XP / SP4: Security Update for Windows XP (KB950760)
 / Windows XP / SP4: Security Update for Windows XP (KB950762)
 / Windows XP / SP4: Security Update for Windows XP (KB950974)
 / Windows XP / SP4: Security Update for Windows XP (KB951066)
 / Windows XP / SP4: Update for Windows XP (KB951072-v2)
 / Windows XP / SP4: Security Update for Windows XP (KB951376)
 / Windows XP / SP4: Security Update for Windows XP (KB951376-v2)
 / Windows XP / SP4: Security Update for Windows XP (KB951698)
 / Windows XP / SP4: Security Update for Windows XP (KB951748)
 / Windows XP / SP4: Update for Windows XP (KB951978)
 / Windows XP / SP4: Hotfix for Windows XP (KB952287)
 / Windows XP / SP4: Security Update for Windows XP (KB952954)
 / Windows XP / SP4: Security Update for Windows XP (KB953838)
 / Windows XP / SP4: Security Update for Windows XP (KB953839)
 / Windows XP / SP4: Security Update for Windows XP (KB954211)
 / Windows XP / SP4: Security Update for Windows XP (KB954459)
 / Windows XP / SP4: Security Update for Windows XP (KB955069)
 / Windows XP / SP4: Security Update for Windows XP (KB956390)
 / Windows XP / SP4: Security Update for Windows XP (KB956391)
 / Windows XP / SP4: Security Update for Windows XP (KB956803)
 / Windows XP / SP4: Security Update for Windows XP (KB956841)
 / Windows XP / SP4: Security Update for Windows XP (KB957095)
 / Windows XP / SP4: Security Update for Windows XP (KB957097)
 / Windows XP / SP4: Security Update for Windows XP (KB958644)
 / Windows XP OOB / SP10: High Definition Audio Driver Package - KB835221


--- Startup entries list ---
Located: HK_LM:Run, 
command: 
   file: 
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!

Located: HK_LM:Run, Broadcom Wireless Manager UI
command: C:\WINDOWS\system32\WLTRAY.exe
   file: C:\WINDOWS\system32\WLTRAY.exe
   size: 2183168
    MD5: 90F267169C3EC50908A97102026A23DE

Located: HK_LM:Run, DXDllRegExe
command: dxdllreg.exe
   file: dxdllreg.exe
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!

Located: HK_LM:Run, HP Component Manager
command: "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
   file: C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
   size: 241664
    MD5: B75B654EE1DA99876461B24597AE3FF3

Located: HK_LM:Run, HP Software Update
command: "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
   file: C:\Program Files\HP\HP Software Update\HPWuSchd.exe
   size: 49152
    MD5: 4FEA5B94C6A96860620A62E4A19BD07D

Located: HK_LM:Run, ISUSPM Startup
command: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
   file: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
   size: 221184
    MD5: FB9E5C251CF6C37749F296BACB34A69B

Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files\iTunes\iTunesHelper.exe"
   file: C:\Program Files\iTunes\iTunesHelper.exe
   size: 278528
    MD5: 8778072A594E1310C0B7D0A93771E8BD

Located: HK_LM:Run, MskAgentexe
command: C:\Program Files\McAfee\MSK\MskAgent.exe
   file: C:\Program Files\McAfee\MSK\MskAgent.exe
   size: 152144
    MD5: 07C64AC231B1902948149D76EA33D63E

Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
   file: C:\WINDOWS\system32\NvCpl.dll
   size: 8466432
    MD5: B6F5D519E4200A55A5E31806D96D13EF

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
   file: C:\Program Files\QuickTime\qttask.exe
   size: 155648
    MD5: C74C7963EEC07AF49DCE44D64819B2BF

Located: HK_LM:Run, RoxioDragToDisc
command: "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
   file: C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
   size: 1116920
    MD5: BD57A6AFA05DF87BCAE9BB11FB0C4DDE

Located: HK_LM:Run, SiteAdvisor
command: C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
   file: C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
   size: 36640
    MD5: 7C25BB17B1DEC6939EB510B6A5857809

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
   file: C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
   size: 144784
    MD5: 6AB4C021FBD36DC6764924C312428D97

Located: HK_LM:Run, SynTPEnh
command: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
   file: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
   size: 1024000
    MD5: 61C23465F195FDF5AE5FE342E1692AC7

Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
   file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
   size: 185896
    MD5: 89D583FC41D48328128A974C25AFAEB7

Located: HK_LM:Run, Windows Defender
command: "C:\Program Files\Windows Defender\MSASCui.exe" -hide
   file: C:\Program Files\Windows Defender\MSASCui.exe
   size: 866584
    MD5: 77C03BF23AE56B0A31AE4D5BB4B3D0AC

Located: HK_CU:Run, DWQueuedReporting
  where: .DEFAULT...
command: "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
   file: C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe
   size: 437160
    MD5: E108B79EEEE444335A9F300E4C756F6A

Located: HK_CU:Run, AIM
  where: S-1-5-21-959407182-1420463571-3290763699-1005...
command: C:\Program Files\AIM\aim.exe -cnetwait.odl
   file: C:\Program Files\AIM\aim.exe
   size: 67112
    MD5: 92BE69A36A9504EDBA2CAB34A32B97B3

Located: HK_CU:Run, ctfmon.exe
  where: S-1-5-21-959407182-1420463571-3290763699-1005...
command: C:\WINDOWS\system32\ctfmon.exe
   file: C:\WINDOWS\system32\ctfmon.exe
   size: 15360
    MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

Located: HK_CU:Run, MsnMsgr
  where: S-1-5-21-959407182-1420463571-3290763699-1005...
command: "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
   file: C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
   size: 5724184
    MD5: A8972A2F9A744DD5EE0BFE429D767F1C

Located: HK_CU:Run, DWQueuedReporting
  where: S-1-5-18...
command: "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
   file: C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe
   size: 437160
    MD5: E108B79EEEE444335A9F300E4C756F6A

Located: Startup (common), Device Detector 3.lnk
  where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
   file: C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
   size: 114688
    MD5: BACC4A728B73773CDA08D8DD69A785F1

Located: Startup (common), Digital Line Detect.lnk
  where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Digital Line Detect\DLG.exe
   file: C:\Program Files\Digital Line Detect\DLG.exe
   size: 50688
    MD5: F03FFC962E18F36A922E61F96BE09925

Located: Startup (common), HP Digital Imaging Monitor.lnk
  where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
   file: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
   size: 237568
    MD5: DA6B945E561B1D1DA67663BB45B4B868

Located: Startup (common), WinZip Quick Pick.lnk
  where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\WinZip\WZQKPICK.EXE
   file: C:\Program Files\WinZip\WZQKPICK.EXE
   size: 525664
    MD5: CCA767E5B0F09FAC2E907197ACD85CE9

Located: WinLogon, cbXNhIAR
command: cbXNhIAR.dll
   file: cbXNhIAR.dll
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!

Located: WinLogon, crypt32chain
command: crypt32.dll
   file: crypt32.dll
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
   file: cryptnet.dll
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!

Located: WinLogon, cscdll
command: cscdll.dll
   file: cscdll.dll
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!

Located: WinLogon, dimsntfy
command: %SystemRoot%\System32\dimsntfy.dll
   file: %SystemRoot%\System32\dimsntfy.dll
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!

Located: WinLogon, gemsafe
command: C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll
   file: C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll
   size: 73728
    MD5: 2F43A51F240034DD75F1B2EF739ABD22

Located: WinLogon, ScCertProp
command: wlnotify.dll
   file: wlnotify.dll
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!

Located: WinLogon, Schedule
command: wlnotify.dll
   file: wlnotify.dll
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
command: sclgntfy.dll
   file: sclgntfy.dll
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!

Located: WinLogon, SensLogn
command: WlNotify.dll
   file: WlNotify.dll
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!

Located: WinLogon, termsrv
command: wlnotify.dll
   file: wlnotify.dll
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!

Located: WinLogon, WgaLogon
command: WgaLogon.dll
   file: WgaLogon.dll
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!



--- Browser helper object list ---
{089FD14D-132B-48FC-8861-0048AE113215} ()
          location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
          BHO name: 
        CLSID name: 
              Path: C:\Program Files\SiteAdvisor\6253\
         Long name:        SiteAdv.dll
        Short name:                   
    Date (created): 1/11/2008 9:06:32 PM
Date (last access): 12/5/2008 5:50:54 PM
 Date (last write): 12/4/2007 3:02:24 PM
          Filesize:             927008
        Attributes:           archive 
               MD5: A1B60A5AC33EDE8FCA1A406F22C2FC41
             CRC32:           9A2C10B7
           Version:         2.6.0.6253

{6E9DE132-D80C-489B-99BA-7E8C0B30C6CA} ()
          location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
          BHO name: 
        CLSID name: 

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
          location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
          BHO name: 
        CLSID name: SSVHelper Class
              Path: C:\Program Files\Java\jre1.6.0_07\bin\
         Long name:            ssv.dll
        Short name:                   
    Date (created): 12/4/2008 4:51:56 PM
Date (last access): 12/5/2008 5:23:44 PM
 Date (last write): 6/10/2008 4:27:02 AM
          Filesize:             509328
        Attributes:           archive 
               MD5: F921D875A1CBD69A6A462BA2514BC831
             CRC32:           38AC9EE2
           Version:           6.0.70.6

{7DB2D5A0-7241-4E79-B68D-6309F01C5231} (scriptproxy)
          location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
          BHO name: scriptproxy
        CLSID name: scriptproxy
              Path: c:\PROGRA~1\mcafee\VIRUSS~1\
         Long name:       scriptcl.dll
        Short name:                   
    Date (created): 1/10/2008 9:03:26 PM
Date (last access): 12/5/2008 5:54:18 PM
 Date (last write): 1/9/2008 9:09:38 AM
          Filesize:              58688
        Attributes:           archive 
               MD5: D1B5F027C606321823E79D8178930C7C
             CRC32:           B5A93209
           Version:         13.3.2.126

{7E853D72-626A-48EC-A868-BA8D5E23E045} ()
          location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
          BHO name: 
        CLSID name: 

{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
          location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
          BHO name: 
        CLSID name: Windows Live Sign-in Helper
              Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\
         Long name: WindowsLiveLogin.dll
        Short name:       WINDOW~1.DLL
    Date (created): 9/20/2007 10:30:18 AM
Date (last access): 12/5/2008 6:13:20 PM
 Date (last write): 9/20/2007 10:30:18 AM
          Filesize:             328752
        Attributes:           archive 
               MD5: 59CF5BF6684AFCF906CADAD39B4214DE
             CRC32:           C363813C
           Version:        4.200.520.1



--- ActiveX list ---
{33564D57-0000-0010-8000-00AA00389B71} ()
          DPF name: 
        CLSID name: 
         Installer: C:\WINDOWS\Downloaded Program Files\WMV9VCM.inf
          Codebase: [url]http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB[/url]

{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class)
          DPF name: 
        CLSID name: McAfee.com Operating System Class
         Installer: C:\WINDOWS\Downloaded Program Files\mcinsctl.inf
          Codebase: [url]http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab[/url]
              Path: C:\WINDOWS\system32\
         Long name:       mcinsctl.dll
        Short name:                   
    Date (created): 1/10/2008 8:03:44 PM
Date (last access): 12/5/2008 6:08:08 PM
 Date (last write): 9/19/2005 10:13:22 AM
          Filesize:             349760
        Attributes:           archive 
               MD5: F759370267E3E918782CD57B573D8B6E
             CRC32:           D36141A9
           Version:           4.0.0.99

{5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class)
          DPF name: 
        CLSID name: MUCatalogWebControl Class
         Installer: C:\WINDOWS\Downloaded Program Files\MicrosoftUpdateCatalogWebControl.inf
          Codebase: [url]http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1202861459187[/url]
              Path: C:\WINDOWS\system32\
         Long name: MicrosoftUpdateCatalogWebControl.dll
        Short name:       MICROS~1.DLL
    Date (created): 7/31/2007 2:25:54 AM
Date (last access): 12/5/2008 6:08:26 PM
 Date (last write): 7/31/2007 2:25:54 AM
          Filesize:             142696
        Attributes:           archive 
               MD5: 6F28C6D6022AD49B36ED3A9BA5368805
             CRC32:           91F5EA19
           Version:       7.0.6000.569

{5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class)
          DPF name: 
        CLSID name: Solitaire Showdown Class
         Installer: 
          Codebase: [url]http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab[/url]
              Path: C:\WINDOWS\Downloaded Program Files\
         Long name: SolitaireShowdown.dll
        Short name:       SOLITA~1.DLL
    Date (created): 2/28/2007 2:21:04 PM
Date (last access): 12/5/2008 6:16:10 PM
 Date (last write): 2/28/2007 2:21:04 PM
          Filesize:             142248
        Attributes:           archive 
               MD5: 93F7304161C8CB7C335F99D9232BD347
             CRC32:           91D38231
           Version:         9.5.6986.1

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
          DPF name: Java Runtime Environment 1.6.0
        CLSID name: Java Plug-in 1.6.0_07
         Installer: 
          Codebase: [url]http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[/url]
       description: Sun Java
    classification: Legitimate
    known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
         info link: 
       info source: Patrick M. Kolla
              Path: C:\Program Files\Java\jre1.6.0_07\bin\
         Long name:    npjpi160_07.dll
        Short name:       NPJPI1~1.DLL
    Date (created): 6/10/2008 2:32:34 AM
Date (last access): 12/5/2008 5:53:38 PM
 Date (last write): 6/10/2008 4:27:02 AM
          Filesize:             132496
        Attributes:           archive 
               MD5: 7C83A2809E13950359189767AC9D5DB8
             CRC32:           925C2A88
           Version:           6.0.70.6

{B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer)
          DPF name: 
        CLSID name: MSN Games - Installer
         Installer: 
          Codebase: [url]http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab[/url]
              Path: C:\WINDOWS\Downloaded Program Files\
         Long name:         ZIntro.ocx
        Short name:                   
    Date (created): 2/19/2007 11:26:28 AM
Date (last access): 12/5/2008 6:16:10 PM
 Date (last write): 2/19/2007 11:26:28 AM
          Filesize:             159128
        Attributes:           archive 
               MD5: E681AC948003CCA59C6C00D3F5EC3D4B
             CRC32:           C8723760
           Version:         9.5.6649.1

{C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class)
          DPF name: 
        CLSID name: MessengerStatsClient Class
         Installer: 
          Codebase: [url]http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab[/url]
              Path: C:\WINDOWS\Downloaded Program Files\
         Long name: MessengerStatsPAClient.dll
        Short name:       MESSEN~1.DLL
    Date (created): 2/22/2007 11:41:12 PM
Date (last access): 12/5/2008 6:16:10 PM
 Date (last write): 2/22/2007 11:41:12 PM
          Filesize:             304544
        Attributes:           archive 
               MD5: 8945CCA5FC4F25168E8B6F401EFAF51F
             CRC32:           0F12FD23
           Version:         9.5.6907.1

{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
          DPF name: Java Runtime Environment 1.5.0
        CLSID name: Java Plug-in 1.5.0_06
         Installer: 
          Codebase: [url]http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[/url]
              Path: C:\Program Files\Java\jre1.5.0_06\bin\
         Long name:    NPJPI150_06.dll
        Short name:       NPJPI1~1.DLL
    Date (created): 3/2/2006 1:52:58 PM
Date (last access): 12/5/2008 5:53:08 PM
 Date (last write): 11/10/2005 1:22:12 PM
          Filesize:              69746
        Attributes:           archive 
               MD5: D2CF6BB5E9020E6707B62575F8083954
             CRC32:           7F39DC54
           Version:           5.0.60.5

{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
          DPF name: Java Runtime Environment 1.6.0
        CLSID name: Java Plug-in 1.6.0_07
         Installer: 
          Codebase: [url]http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[/url]
              Path: C:\Program Files\Java\jre1.6.0_07\bin\
         Long name:    npjpi160_07.dll
        Short name:       NPJPI1~1.DLL
    Date (created): 6/10/2008 2:32:34 AM
Date (last access): 12/5/2008 5:53:38 PM
 Date (last write): 6/10/2008 4:27:02 AM
          Filesize:             132496
        Attributes:           archive 
               MD5: 7C83A2809E13950359189767AC9D5DB8
             CRC32:           925C2A88
           Version:           6.0.70.6

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
          DPF name: Java Runtime Environment 1.6.0
        CLSID name: Java Plug-in 1.6.0_07
         Installer: 
          Codebase: [url]http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[/url]
              Path: C:\Program Files\Java\jre1.6.0_07\bin\
         Long name:    npjpi160_07.dll
        Short name:       NPJPI1~1.DLL
    Date (created): 6/10/2008 2:32:34 AM
Date (last access): 12/5/2008 5:53:38 PM
 Date (last write): 6/10/2008 4:27:02 AM
          Filesize:             132496
        Attributes:           archive 
               MD5: 7C83A2809E13950359189767AC9D5DB8
             CRC32:           925C2A88
           Version:           6.0.70.6

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
          DPF name: 
        CLSID name: Shockwave Flash Object
         Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
          Codebase: [url]http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[/url]
       description: Macromedia Shockwave Flash Player
    classification: Legitimate
    known filename: 
         info link: 
       info source: Patrick M. Kolla
              Path: C:\WINDOWS\system32\Macromed\Flash\
         Long name:        Flash9f.ocx
        Short name:                   
    Date (created): 3/24/2008 8:32:42 PM
Date (last access): 12/5/2008 6:09:44 PM
 Date (last write): 3/24/2008 8:32:42 PM
          Filesize:            2991488
        Attributes:  readonly archive 
               MD5: 48FDF435B8595604E54125B321924510
             CRC32:           12335E29
           Version:          9.0.124.0



--- Process list ---
PID:    0 (   0) [System]
PID:  880 (   4) \SystemRoot\System32\smss.exe
 size: 50688
PID:  960 ( 880) \??\C:\WINDOWS\system32\csrss.exe
 size: 6144
PID:  992 ( 880) \??\C:\WINDOWS\system32\winlogon.exe
 size: 507904
PID: 1036 ( 992) C:\WINDOWS\system32\services.exe
 size: 108544
  MD5: 0E776ED5F7CC9F94299E70461B7B8185
PID: 1048 ( 992) C:\WINDOWS\system32\lsass.exe
 size: 13312
  MD5: BF2466B3E18E970D8A976FB95FC1CA85
PID: 1244 (1036) C:\WINDOWS\system32\svchost.exe
 size: 14336
  MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1312 (1036) C:\WINDOWS\system32\svchost.exe
 size: 14336
  MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1456 (1036) C:\Program Files\Windows Defender\MsMpEng.exe
 size: 13592
  MD5: F45DD1E1365D857DD08BC23563370D0E
PID: 1496 (1036) C:\WINDOWS\System32\svchost.exe
 size: 14336
  MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1648 (1036) C:\WINDOWS\system32\svchost.exe
 size: 14336
  MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1696 (1036) C:\WINDOWS\system32\svchost.exe
 size: 14336
  MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1876 (1036) C:\WINDOWS\System32\WLTRYSVC.EXE
 size: 24064
  MD5: BCD7DB5C2FD6BFB59416F125DDE077FF
PID: 1888 (1876) C:\WINDOWS\System32\bcmwltry.exe
 size: 1921024
  MD5: DE691DD74FFFD9A39E784000255BF67C
PID:  252 (1036) C:\WINDOWS\system32\spoolsv.exe
 size: 57856
  MD5: D8E14A61ACC1D4A6CD0D38AEBAC7FA3B
PID:  292 (1036) C:\WINDOWS\System32\SCardSvr.exe
 size: 95744
  MD5: 86D007E7A654B9A71D1D7D856B104353
PID:  724 ( 672) C:\WINDOWS\Explorer.EXE
 size: 1033728
  MD5: 12896823FB95BFB3DC9B46BCAEDC9923
PID: 1260 (1036) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
 size: 30312
  MD5: 6163664C7E9CD110AF70180C126C3FDC
PID: 1352 ( 724) C:\WINDOWS\system32\WLTRAY.exe
 size: 2183168
  MD5: 90F267169C3EC50908A97102026A23DE
PID: 1392 (1036) C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
 size: 540776
  MD5: 38BCCF016B694A745E1CDBC0B080A59C
PID: 1440 ( 724) C:\Program Files\McAfee\MSK\MskAgent.exe
 size: 152144
  MD5: 07C64AC231B1902948149D76EA33D63E
PID: 1568 ( 724) C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
 size: 36640
  MD5: 7C25BB17B1DEC6939EB510B6A5857809
PID: 1580 (1036) C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
 size: 767976
  MD5: CB3A8976DE2F65349322DA7627CEA223
PID: 1736 ( 724) C:\Program Files\iTunes\iTunesHelper.exe
 size: 278528
  MD5: 8778072A594E1310C0B7D0A93771E8BD
PID: 1800 ( 724) C:\Program Files\QuickTime\qttask.exe
 size: 155648
  MD5: C74C7963EEC07AF49DCE44D64819B2BF
PID: 1824 ( 724) C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
 size: 241664
  MD5: B75B654EE1DA99876461B24597AE3FF3
PID: 1848 ( 724) C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
 size: 1116920
  MD5: BD57A6AFA05DF87BCAE9BB11FB0C4DDE
PID: 2044 ( 724) C:\Program Files\Windows Defender\MSASCui.exe
 size: 866584
  MD5: 77C03BF23AE56B0A31AE4D5BB4B3D0AC
PID:  232 ( 724) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
 size: 185896
  MD5: 89D583FC41D48328128A974C25AFAEB7
PID:  392 ( 724) C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
 size: 144784
  MD5: 6AB4C021FBD36DC6764924C312428D97
PID:  472 ( 724) C:\Program Files\AIM\aim.exe
 size: 67112
  MD5: 92BE69A36A9504EDBA2CAB34A32B97B3
PID:  568 ( 724) C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
 size: 5724184
  MD5: A8972A2F9A744DD5EE0BFE429D767F1C
PID:  668 ( 724) C:\WINDOWS\system32\ctfmon.exe
 size: 15360
  MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
PID: 1964 ( 724) C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
 size: 114688
  MD5: BACC4A728B73773CDA08D8DD69A785F1
PID: 1112 ( 724) C:\Program Files\Digital Line Detect\DLG.exe
 size: 50688
  MD5: F03FFC962E18F36A922E61F96BE09925
PID: 1348 ( 724) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
 size: 237568
  MD5: DA6B945E561B1D1DA67663BB45B4B868
PID:  480 ( 724) C:\Program Files\WinZip\WZQKPICK.EXE
 size: 525664
  MD5: CCA767E5B0F09FAC2E907197ACD85CE9
PID: 1524 (1036) c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
 size: 2458128
  MD5: C69E71E00B30B60556D3E096699BD423
PID: 2052 (1036) C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
 size: 362064
  MD5: D984FAF698966AA360C1702EF623C3F9
PID: 2080 (1036) c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
 size: 353368
  MD5: 7BC413411A8A0E58ECB6868FFC2180D9
PID: 2132 (1036) c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
 size: 256096
  MD5: DAF486036F2F6EE9DBA390D3CF2E5C29
PID: 2164 (1036) C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
 size: 144960
  MD5: 6611420C3CC970126C86ADCDC376AE39
PID: 2216 (1036) C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
 size: 643664
  MD5: 9770A8706BBA3C4CBEA998D2A6BF2D08
PID: 2280 (1036) C:\Program Files\McAfee\MPF\MPFSrv.exe
 size: 841256
  MD5: 1CAD000C45ED402F9C61F90CF8D208C2
PID: 2376 (1036) C:\PROGRA~1\McAfee\MPS\mps.exe
 size: 906792
  MD5: A59C48001BF02AD6306019D1C4F58050
PID: 2448 (1036) C:\Program Files\McAfee\MSK\MskSrver.exe
 size: 29264
  MD5: 10BE560BB16F1A926246C7EAB94A47FF
PID: 2528 (1036) C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
 size: 475136
  MD5: 1D48375CADA961D1E0D73653E0CA7DFA
PID: 2628 (1036) C:\WINDOWS\system32\nvsvc32.exe
 size: 155717
  MD5: A9A999066E3F318172360A6AEAB2A165
PID: 2752 (1036) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
 size: 89968
  MD5: 54902536AAD0E9B99BC65F89C0CAF93F
PID: 2840 (1036) C:\WINDOWS\system32\svchost.exe
 size: 14336
  MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 2944 (1244) C:\Program Files\McAfee\MPS\mpsevh.exe
 size: 304680
  MD5: 6510D5303CC0D1CF1908B8BD21063420
PID: 2996 (1036) C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
 size: 1552384
  MD5: 23B506262493F1A521683EE88C5FBF60
PID: 3052 (1036) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
 size: 737280
  MD5: A27D803B21F24A5CFB775944EA4CB130
PID: 3440 (1036) C:\WINDOWS\system32\dllhost.exe
 size: 5120
  MD5: 0A9BA6AF531AFE7FA5E4FB973852D863
PID: 3452 (1244) C:\Program Files\McAfee.com\Agent\mcagent.exe
 size: 582992
  MD5: 9405B452064BFA6A0F78E2F177A988A4
PID: 2708 (1036) C:\Program Files\iPod\bin\iPodService.exe
 size: 323584
  MD5: 962BC769D1008D83F6A00B9DE887EEF4
PID: 3228 (1244) C:\WINDOWS\system32\wbem\wmiprvse.exe
 size: 218112
  MD5: 0FFAE66E6D5B1C87CBD22D1F3B6079FD
PID: 3692 (1244) C:\WINDOWS\system32\wbem\wmiprvse.exe
 size: 218112
  MD5: 0FFAE66E6D5B1C87CBD22D1F3B6079FD
PID:  532 (1036) C:\WINDOWS\system32\dllhost.exe
 size: 5120
  MD5: 0A9BA6AF531AFE7FA5E4FB973852D863
PID: 2860 (1036) C:\WINDOWS\System32\alg.exe
 size: 44544
  MD5: 8C515081584A38AA007909CD02020B3D
PID:  892 ( 724) C:\Program Files\Mozilla Firefox\firefox.exe
 size: 7676528
  MD5: D0269B291E8FBB3E16DE398DA57B6C73
PID: 3924 (1244) c:\PROGRA~1\mcafee\msc\mcuimgr.exe
 size: 265040
  MD5: 02800372FA7F33E4042DA92D362D6573
PID:  804 (1036) C:\Program Files\Windows Live\Messenger\usnsvc.exe
 size: 98328
  MD5: 9D19B042A4FD5C02195071EA2FE0C821
PID: 4640 ( 724) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
 size: 4891472
  MD5: 3B1B5D09D3C9C4CD39D4DB06ED7A0855
PID:    4 (   0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 12/5/2008 6:23:22 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
  C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
  [url]http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch[/url]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
  [url]http://www.google.com/[/url]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
  [url]www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2080103[/url]
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
  %SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
  [url]http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch[/url]
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
  [url]http://www.dell.com[/url]
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
  [url]http://www.dell.com[/url]
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
  [url]http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch[/url]
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
  http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
  http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---


--- Uninstall list ---
A-one DVD Ripper 6.28  (A-one DVD Ripper_is1)
    install date: 20080111
install location: C:\Program Files\A-one DVD Ripper\
   uninstall cmd: "C:\Program Files\A-one DVD Ripper\unins000.exe"
       publisher: A-one Global Creativity
       help link: [url]http://www.yaomingsoft.com/[/url]

  (AddressBook)

Adobe Acrobat 8.1.2 Standard 8.1.2 (Adobe Acrobat  8 Standard)
 version (major): 8
    install date: 1/3/2008
install location: C:\Program Files\Adobe\Acrobat 8.0\
  install source: d:\
   uninstall cmd: msiexec /I {AC76BA86-1033-0000-BA7E-000000000003}
       publisher: Adobe Systems
         contact: Customer Support
       help link: [url]http://www.adobe.com/support/main.html[/url]
  help telephone:    
          readme: [INSTALLDIR]Readme.htm

Adobe Flash Player ActiveX 9.0.124.0 (Adobe Flash Player ActiveX)
   uninstall cmd: C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
       publisher: Adobe Systems Incorporated
       help link: [url]http://www.adobe.com/go/flashplayer_support/[/url]

Adobe Shockwave Player 11 (Adobe Shockwave Player)
 version (major): 11
install location: C:\WINDOWS\system32\Adobe\
   uninstall cmd: C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
       publisher: Adobe Systems, Inc.
       help link: [url]http://www.adobe.com/support/shockwave[/url]

AOL Instant Messenger  (AOL Instant Messenger)
   uninstall cmd: C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=

Audacity 1.2.6  (Audacity_is1)
install location: C:\Program Files\Audacity\
   uninstall cmd: "C:\Program Files\Audacity\unins000.exe"
       help link: [url]http://audacity.sourceforge.net[/url]

Azureus Vuze  (Azureus Vuze)
   uninstall cmd: C:\Program Files\Azureus\uninstall.exe
       publisher: Azureus, Inc.

Microsoft Office Basic 2007 12.0.6215.1000 (BASICR)
install location: C:\Program Files\Microsoft Office
   uninstall cmd: "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall BASICR /dll OSETUP.DLL
       publisher: Microsoft Corporation

Bink and Smacker  (Bink and Smacker)
   uninstall cmd: C:\PROGRA~1\RADVideo\UNWISE.EXE C:\PROGRA~1\RADVideo\INSTALL.LOG

  (Branding)

Dell Wireless WLAN Card 4.170.25.12 (Broadcom 802.11b Network Adapter)
   uninstall cmd: "C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
       publisher: Dell Inc.

Business Contact Manager for Outlook 2007 SP1 3.0.7311.0 (Business Contact Manager)
install location: C:\Program Files\Microsoft Small Business\
   uninstall cmd: "C:\Program Files\Microsoft Small Business\Business Contact Manager\SetupBootstrap\Setup.exe" /remove {B32C4059-6E7A-41EF-AD20-56DF1872B923}
       publisher: Microsoft Corporation
       help link: [url]http://support.microsoft.com/[/url]

Conexant HDA D330 MDC V.92 Modem  (CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F)
   uninstall cmd: C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\HXFSETUP.EXE -U -Idel000f5.inf

  (Connection Manager)

  (DirectAnimation)

  (DirectDrawEx)

DVD Decrypter (Remove Only)  (DVD Decrypter)
   uninstall cmd: "C:\Program Files\DVD Decrypter\uninstall.exe"

  (DXM_Runtime)

eMule  (eMule)
   uninstall cmd: "C:\Program Files\eMule\Uninstall.exe"

  (Fontcore)

HijackThis 2.0.2 2.0.2 (HijackThis)
   uninstall cmd: "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
       publisher: TrendMicro

HP Image Zone 3.5 3.5 (HP Photo & Imaging)
   uninstall cmd: C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
       publisher: HP
       help link: [url]http://www.hp.com/support[/url]

OCR Software by I.R.I.S 7.0 7.0 (HPOCR)
   uninstall cmd: C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
       publisher: HP
       help link: [url]http://www.hp.com/support[/url]

  (ICW)

  (IE40)

  (IE4Data)

  (IE5BAKEX)

  (IEData)

  (InstallShield Uninstall Information)

Wave Support Software 05.07.00.026 (InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE})
         version: 84344832
 version (major): 5
 version (minor): 7
  estimated size: 4799
    install date: 20080103
install location: C:\Program Files\Wave Systems Corp\
  install source: C:\Program Files\Dell\EMBASSY Trust Suite by Wave Systems\Embassy Trust Suite\Wave Support Software\
   uninstall cmd: C:\Program Files\InstallShield Installation Information\{07D618CD-B016-438A-ADC9-A75BD23F85CE}\setup.exe -runfromtemp -l0x0409
       publisher: Wave Systems Corp

Private Information Manager 06.01.00.023 (InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809})
         version: 100728832
 version (major): 6
 version (minor): 1
  estimated size: 1992
    install date: 20080103
install location: C:\Program Files\Wave Systems Corp\
  install source: C:\Program Files\Dell\EMBASSY Trust Suite by Wave Systems\Embassy Trust Suite\Private Information Manager\
   uninstall cmd: C:\Program Files\InstallShield Installation Information\{0B0A2153-58A6-4244-B458-25EDF5FCD809}\setup.exe -runfromtemp -l0x0409
       publisher: Your Company Name

iPod for Windows 2006-03-23 4.7.0 (InstallShield_{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB})
         version: 67567616
 version (major): 4
 version (minor): 7
  estimated size: 52444
    install date: 20080110
install location: C:\Program Files\iPod\
  install source: C:\WINDOWS\Downloaded Installations\{D8C87B8A-0477-408A-AAE0-9FB4BEA3BF97}\
   uninstall cmd: C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB} /l1033 
       publisher: Apple Computer, Inc.
         contact: AppleCare
       help link: [url]http://www.info.apple.com[/url]
          readme: [url]http://www.info.apple.com/support/downloads.html[/url]

Document Manager Lite 06.06.00.066 (InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2})
         version: 101056512
 version (major): 6
 version (minor): 6
  estimated size: 2869
    install date: 20080103
install location: C:\Program Files\Wave Systems Corp\
  install source: C:\Program Files\Dell\EMBASSY Trust Suite by Wave Systems\Embassy Trust Suite\Document Manager Lite\
   uninstall cmd: C:\Program Files\InstallShield Installation Information\{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}\setup.exe -runfromtemp -l0x0409
       publisher: Your Company Name

EMBASSY Security Setup 03.06.00.027 (InstallShield_{53333479-6A52-4816-8497-5C52B67ED339})
         version: 50724864
 version (major): 3
 version (minor): 6
  estimated size: 11574
    install date: 20080103
install location: C:\Program Files\Wave Systems Corp\
  install source: C:\Program Files\Dell\EMBASSY Trust Suite by Wave Systems\Embassy Trust Suite\EMBASSY Security Setup\
   uninstall cmd: C:\Program Files\InstallShield Installation Information\{53333479-6A52-4816-8497-5C52B67ED339}\setup.exe -runfromtemp -l0x0409
       publisher: Wave Systems Corp

iTunes 6.0.4.2 (InstallShield_{59C4F14F-7590-45FC-BE9F-A67AB3590709})
         version: 100663300
 version (major): 6
  estimated size: 34694
    install date: 20080110
install location: C:\Program Files\iTunes\
  install source: C:\WINDOWS\Downloaded Installations\{59C4F14F-7590-45FC-BE9F-A67AB3590709}\
   uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{59C4F14F-7590-45FC-BE9F-A67AB3590709} /l1033 
       publisher: Apple Computer, Inc.
         contact: AppleCare Support
       help link: [url]http://www.info.apple.com/[/url]
  help telephone: 1-800-275-2273

QuickTime 7.0.4 (InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4})
         version: 117440516
 version (major): 7
  estimated size: 66739
    install date: 20080110
install location: C:\Program Files\QuickTime\
  install source: C:\DOCUME~1\Alexa\LOCALS~1\Temp\_is7B\
   uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{929408E6-D265-4174-805F-81D1D914E2A4} /l1033 
       publisher: Apple Computer, Inc.
         contact: AppleCare Support
       help link: [url]http://www.info.apple.com/[/url]
  help telephone: 1-800-275-2273

Secure Update 05.04.00.010 (InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50})
         version: 84148224
 version (major): 5
 version (minor): 4
  estimated size: 189
    install date: 20080103
install location: C:\Program Files\Wave Systems Corp\
  install source: C:\Program Files\Dell\EMBASSY Trust Suite by Wave Systems\Embassy Trust Suite\Secure Update\
   uninstall cmd: C:\Program Files\InstallShield Installation Information\{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}\setup.exe -runfromtemp -l0x0409
       publisher: Your Company Name

ESC Home Page Plugin 03.01.00.018 (InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398})
         version: 50397184
 version (major): 3
 version (minor): 1
  estimated size: 1004
    install date: 20080103
install location: C:\Program Files\Wave Systems Corp\
  install source: C:\Program Files\Dell\EMBASSY Trust Suite by Wave Systems\Embassy Trust Suite\ESC Home Page Plugin\
   uninstall cmd: C:\Program Files\InstallShield Installation Information\{E738A392-F690-4A9D-808E-7BAF80E0B398}\setup.exe -runfromtemp -l0x0409
       publisher: Wave Systems Corp

Security Wizards 01.04.00.014 (InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4})
         version: 17039360
 version (major): 1
 version (minor): 4
  estimated size: 1428
    install date: 20080103
install location: C:\Program Files\Wave Systems Corp\
  install source: C:\Program Files\Dell\EMBASSY Trust Suite by Wave Systems\Embassy Trust Suite\Security Wizards\
   uninstall cmd: C:\Program Files\InstallShield Installation Information\{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}\setup.exe -runfromtemp -l0x0409
       publisher: Your Company Name

EMBASSY Security Center 03.06.00.031 (InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88})
         version: 50724864
 version (major): 3
 version (minor): 6
  estimated size: 13233
    install date: 20080103
install location: C:\Program Files\Wave Systems Corp\
  install source: C:\Program Files\Dell\EMBASSY Trust Suite by Wave Systems\Embassy Trust Suite\EMBASSY Security Center\
   uninstall cmd: C:\Program Files\InstallShield Installation Information\{EEAFE1E5-076B-430A-96D9-B567792AFA88}\setup.exe -runfromtemp -l0x0409
       publisher: Wave Systems Corp

High Definition Audio Driver Package - KB835221 20040219.000000 (KB835221WXP)
   uninstall cmd: C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
       publisher: Microsoft Corporation
       help link: [url]http://support.microsoft.com?kbid=KB835221[/url]

  (KB884267)

  (KB885353)

  (KB886612)

  (KB887078)

  (KB887626)

  (KB888656)

  (KB889858)

  (KB891122)

  (KB892313)

  (KB893240)

  (KB893241)

Windows Installer 3.1 (KB893803)  (KB893803v2)
       publisher: Microsoft Corporation
       help link: [url]http://go.microsoft.com/fwlink/?LinkId=42467[/url]

  (KB895181)

  (KB895316)

  (KB895572)

  (KB897586)

  (KB898549)

  (KB900399)

  (KB902344)

  (KB907658)

Security Update for Windows Media Player (KB911564)  (KB911564)
    install date: 20080103
       publisher: Microsoft Corporation
       help link: [url]http://support.microsoft.com/?kbid=911564[/url]

  (KB911565)

  (KB911854)

Security Update for Windows XP (KB923689)  (KB923689)
    install date: 20080103
       publisher: Microsoft Corporation
       help link: [url]http://support.microsoft.com?kbid=923689[/url]

Security Update for Step By Step Interactive Training (KB923723) 20050502.101010 (KB923723)
    install date: 20080111
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: [url]http://support.microsoft.com/kb/923723[/url]

Security Update for Windows Media Player 6.4 (KB925398)  (KB925398_WMP64)
    install date: 20080103
       publisher: Microsoft Corporation
       help link: [url]http://support.microsoft.com/?kbid=925398[/url]

Hotfix for Windows Media Format 11 SDK (KB929399)  (KB929399)
    install date: 20080121
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: [url]http://support.microsoft.com/?kbid=929399[/url]

Security Update for CAPICOM (KB931906) 2.1.0.2 (KB931906)
   uninstall cmd: MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
       publisher: Microsoft Corporation
       help link: [url]http://support.microsoft.com?kbid=931906[/url]

Security Update for Windows Media Player 11 (KB936782)  (KB936782_WMP11)
    install date: 20080121
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: [url]http://support.microsoft.com/?kbid=936782[/url]

Security Update for Windows Media Player 9 (KB936782)  (KB936782_WMP9)
    install date: 20080103
       publisher: Microsoft Corporation
       help link: [url]http://support.microsoft.com/?kbid=936782[/url]

Security Update for Windows XP (KB938464) 1 (KB938464)
    install date: 20081026
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: [url]http://support.microsoft.com?kbid=938464[/url]

Hotfix for Windows Media Player 11 (KB939683)  (KB939683)
    install date: 20080121
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: [url]http://support.microsoft.com/?kbid=939683[/url]

Security Update for Windows XP (KB941569)  (KB941569)
    install date: 20080111
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: [url]http://support.microsoft.com?kbid=941569[/url]

Security Update for Windows XP (KB946648) 1 (KB946648)
    install date: 20081026
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: [url]http://support.microsoft.com?kbid=946648[/url]

GDR 3068 for SQL Server Database Services 2005 ENU (KB948109) 9.2.3068 (KB948109_SQL9)
    install date: 20081010
   uninstall cmd: C:\WINDOWS\SQL9_KB948109_ENU\Hotfix.exe /Uninstall
       publisher: Microsoft Corporation
       help link: [url]http://support.microsoft.com/?kbid=948109[/url]

GDR 3068 for SQL Server Tools and Workstation Components 2005 ENU (KB948109) 9.2.3068 (KB948109_SQLTools9)
    install date: 20081010
   uninstall cmd: C:\WINDOWS\SQLTools9_KB948109_ENU\Hotfix.exe /Uninstall
       publisher: Microsoft Corporation
       help link: [url]http://support.microsoft.com/?kbid=948109[/url]

Security Update for Windows XP (KB950759) 1 (KB950759)
    install date: 20081026
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: [url]http://support.microsoft.com?kbid=950759[/url]

Security Update for Windows XP (KB950760) 1 (KB950760)
    install date: 20080611
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: [url]http://support.microsoft.com?kbid=950760[/url]

Security Update for Windows XP (KB950762) 1 (KB950762)
    install date: 20081026
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: [url]http://support.microsoft.com?kbid=950762[/url]

Security Update for Windows XP (KB950974) 1 (KB950974)
    install date: 20081026
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: [url]http://support.microsoft.com?kbid=950974[/url]

Security Update for Windows XP (KB951066) 1 (KB951066)
    install date: 20081026
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: [url]http://support.microsoft.com?kbid=951066[/url]

Update for Windows XP (KB951072-v2) 2 (KB951072-v2)
    install date: 20080816
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: [url]http://support.microsoft.com?kbid=951072[/url]

Security Update for Windows XP (KB951376) 1 (KB951376)
    install date: 20081026
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: [url]http://support.microsoft.com?kbid=951376[/url]

Security Update for Windows XP (KB951376-v2) 2 (KB951376-v2)
    install date: 20081026
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: [url]http://support.microsoft.com?kbid=951376[/url]

Security Update for Windows XP (KB951698) 1 (KB951698)
    install date: 20081026
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: [url]http://support.microsoft.com?kbid=951698[/url]

Security Update for Windows XP (KB951748) 1 (KB951748)
    install date: 20081026
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: [url]http://support.microsoft.com?kbid=951748[/url]

Update for Windows XP (KB951978) 1 (KB951978)
    install date: 20081113
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: [url]http://support.microsoft.com?kbid=951978[/url]

Hotfix for Windows XP (KB952287) 1 (KB952287)
    install date: 20081026
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: [url]http://support.microsoft.com?kbid=952287[/url]

Security Update for Windows XP (KB952954) 1 (KB952954)
    install date: 20081026
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: [url]http://support.microsoft.com?kbid=952954[/url]

Security Update for Windows XP (KB953838) 1 (KB953838)
    install date: 20081026
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: [url]http://support.microsoft.com?kbid=953838[/url]

Security Update for Windows XP (KB953839) 1 (KB953839)
    install date: 20080815
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: [url]http://support.microsoft.com?kbid=953839[/url]

Security Update for Windows Media Player 11 (KB954154)  (KB954154_WM11)
    install date: 20080910
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: [url]http://support.microsoft.com/?kbid=954154[/url]

Security Update for Windows Media Encoder (KB954156)  (KB954156_WM9L)
    install date: 20080910
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: [url]http://support.microsoft.com/?kbid=954156[/url]

Security Update for Windows XP (KB954211) 1 (KB954211)
    install date: 20081026
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: [url]http://support.microsoft.com?kbid=954211[/url]

Security Update for Windows XP (KB954459) 1 (KB954459)
    install date: 20081113
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: [url]http://support.microsoft.com?kbid=954459[/url]

Security Update for Windows XP (KB955069) 1 (KB955069)
    install date: 20081113
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: [url]http://support.microsoft.com?kbid=955069[/url]

Security Update for Windows XP (KB956390) 1 (KB956390)
    install date: 20081026
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: [url]http://support.microsoft.com?kbid=956390[/url]

Security Update for Windows XP (KB956391) 1 (KB956391)
    install date: 20081015
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: [url]http://support.microsoft.com?kbid=956391[/url]

Security Update for Windows XP (KB956803) 1 (KB956803)
    install date: 20081026
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: [url]http://support.microsoft.com?kbid=956803[/url]

Security Update for Windows XP (KB956841) 1 (KB956841)
    install date: 20081026
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: [url]http://support.microsoft.com?kbid=956841[/url]

Security Update for Windows XP (KB957095) 1 (KB957095)
    install date: 20081026
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: [url]http://support.microsoft.com?kbid=957095[/url]

Security Update for Windows XP (KB957097) 1 (KB957097)
    install date: 20081113
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: [url]http://support.microsoft.com?kbid=957097[/url]

Security Update for Windows XP (KB958644) 1 (KB958644)
    install date: 20081026
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: [url]http://support.microsoft.com?kbid=958644[/url]

Last.fm 1.5.2.38918  (LastFM_is1)
    install date: 20081201
install location: C:\Program Files\Last.fm\
   uninstall cmd: "C:\Program Files\Last.fm\unins000.exe"
       publisher: Last.fm
       help link: [url]http://www.last.fm[/url]

Lion King  (Lion King_is1)
install location: C:\Program Files\Lion King\
   uninstall cmd: "C:\Program Files\Lion King\unins000.exe"
       publisher: GameFabrique
       help link: [url]http://www.gamefabrique.com/[/url]

Microsoft .NET Framework 1.1 Hotfix (KB928366)  (M928366)
   uninstall cmd: "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"

Malwarebytes' Anti-Malware  (Malwarebytes' Anti-Malware_is1)
    install date: 20081205
install location: C:\Program Files\Malwarebytes' Anti-Malware\
   uninstall cmd: "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
       publisher: Malwarebytes Corporation
       help link: [url]http://www.malwarebytes.org[/url]

McAfee Uninstaller  (McAfee Uninstall Utility)
   uninstall cmd: C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /uninstall=1 /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\comrem.dll::uninstall.htm

Microsoft .NET Framework 1.1  (Microsoft .NET Framework 1.1  (1033))
   uninstall cmd: msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
          readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm

  (Microsoft Interactive Training)
   uninstall cmd: C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu

Microsoft SQL Server 2005  (Microsoft SQL Server 2005)
   uninstall cmd: "C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
       publisher: Microsoft Corporation
       help link: [url]http://go.microsoft.com/fwlink/?LinkId=52152[/url]

  (MobileOptionPack)

Mozilla Firefox (2.0.0.18) 2.0.0.18 (en-US) (Mozilla Firefox (2.0.0.18))
install location: C:\Program Files\Mozilla Firefox
   uninstall cmd: C:\Program Files\Mozilla Firefox\uninstall\helper.exe
       publisher: Mozilla
        comments: Mozilla Firefox

  (MPlayer2)

McAfee SecurityCenter  (MSC)
install location: C:\Program Files\McAfee
   uninstall cmd: C:\Program Files\McAfee\MSC\mcuninst.exe
       publisher: McAfee, Inc.

Microsoft Compression Client Pack 1.0 for Windows XP 1 (MSCompPackV1)
    install date: 20080119
   uninstall cmd: "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: [url]http://go.microsoft.com/fwlink/?LinkId=74087[/url]

  (NetMeeting)

NVIDIA Drivers  (NVIDIA Drivers)
   uninstall cmd: C:\WINDOWS\system32\nvudisp.exe UninstallGUI

  (OutlookExpress)

  (PCHealth)
   uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

  (RealJukebox 1.0)
   uninstall cmd: C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

RealPlayer  (RealPlayer 6.0)
install location: C:\Program Files\Real\RealPlayer\realplay.exe
   uninstall cmd: C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
       publisher: RealNetworks
        comments: Play, Save, and Organize your music and videos, Burn a CD, or simply take your music with you.
         contact: RealNetworks

Indy788 0 Newbie Poster · Answer 5 · 2008-12-06T05:29:44+00:00

I rebooted and ran HJT again:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:26:55 PM, on 12/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\WINDOWS\system32\dllhost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2080103
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2080103
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: (no name) - {6E9DE132-D80C-489B-99BA-7E8C0B30C6CA} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1202861459187
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - AppInit_DLLs: c:\windows\system32\wonavuho.dll c:\windows\system32\heyayoli.dll c:\windows\system32\rasivogi.dll
O20 - Winlogon Notify: cbXNhIAR - cbXNhIAR.dll (file missing)
O20 - Winlogon Notify: gemsafe - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll
O20 - Winlogon Notify: ssqqnli - C:\WINDOWS\
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: NTRU TSS v1.2.1.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
O23 - Service: WaveEnrollmentService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 12840 bytes

Indy788 0 Newbie Poster · Answer 6 · 2008-12-06T06:39:24+00:00

Combofix log:

ComboFix 08-12-05.02 - Alexa 2008-12-05 19:27:56.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2973 [GMT -6:00]
Running from: c:\documents and settings\Alexa\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Alexa\Application Data\inst.exe
c:\documents and settings\Alexa\Local Settings\Temporary Internet Files\fbk.sts
c:\windows\wiaserviv.log

.
((((((((((((((((((((((((( Files Created from 2008-11-06 to 2008-12-06 )))))))))))))))))))))))))))))))
.

2008-12-05 16:02 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-05 16:02 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-01 20:39 . 2008-12-01 20:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\Last.fm
2008-12-01 20:38 . 2008-12-01 20:38 <DIR> d-------- c:\program files\Last.fm
2008-11-24 15:13 . 2008-11-24 15:13 0 --a------ c:\windows\DVEdit.INI
2008-11-24 14:52 . 2008-11-24 14:53 <DIR> d-------- c:\program files\Sony
2008-11-24 14:52 . 2007-11-19 10:19 1,519,718 --------- c:\windows\system32\lcstde.ax
2008-11-24 14:52 . 2007-11-19 10:19 151,654 --------- c:\windows\system32\lpecsp.ax
2008-11-24 14:52 . 2007-11-19 10:19 151,654 --------- c:\windows\system32\lcstsp.ax
2008-11-24 14:52 . 2007-11-19 10:18 143,464 --------- c:\windows\system32\IcdPars.ax
2008-11-24 14:52 . 2007-11-19 10:20 143,462 --------- c:\windows\system32\msvdec.ax
2008-11-24 14:52 . 2007-11-19 10:19 122,982 --------- c:\windows\system32\lpecde.ax
2008-11-24 14:52 . 2007-11-19 10:18 114,787 --------- c:\windows\system32\DPCtrl.ax
2008-11-24 14:52 . 2007-11-21 10:49 113,996 --------- c:\windows\system32\IcdAfs.ax
2008-11-24 14:52 . 2007-11-19 10:18 106,600 --------- c:\windows\system32\IcdSrc2.ax
2008-11-24 14:52 . 2007-11-19 10:18 98,406 --------- c:\windows\system32\icdsrc.ax
2008-11-24 14:52 . 2007-11-19 10:20 98,304 --------- c:\windows\system32\trcsp.ax
2008-11-24 14:52 . 2007-11-19 10:20 57,344 --------- c:\windows\system32\trcde.ax
2008-11-24 14:52 . 2002-08-21 18:39 53,248 --------- c:\windows\system32\AudiDest.ax
2008-11-22 22:56 . 2008-11-22 22:59 <DIR> d-------- c:\documents and settings\Alexa\Application Data\FrostWire
2008-11-22 22:56 . 2008-06-10 02:32 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-22 22:54 . 2008-11-22 23:00 <DIR> d-------- c:\program files\FrostWire
2008-11-14 20:38 . 2008-11-14 20:38 <DIR> d-------- c:\documents and settings\Alexa\Application Data\Move Networks
2008-11-12 08:39 . 2008-09-04 11:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 08:39 . 2008-10-24 05:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-05 22:03 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-12-05 04:47 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-05 03:49 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-05 03:42 --------- d-----w c:\documents and settings\Alexa\Application Data\SiteAdvisor
2008-12-04 22:52 --------- d-----w c:\program files\Java
2008-12-04 00:49 --------- d-----w c:\documents and settings\Alexa\Application Data\dvdcss
2008-12-03 00:40 --------- d-----w c:\documents and settings\Alexa\Application Data\Vso
2008-12-02 02:39 --------- d-----w c:\program files\iTunes
2008-11-29 19:06 --------- d-----w c:\program files\WMR11
2008-11-24 20:52 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-23 01:20 --------- d-----w c:\documents and settings\All Users\Application Data\WinZip
2008-11-21 06:33 --------- d-----w c:\program files\eMule
2008-11-14 05:27 --------- d-----w c:\documents and settings\Alexa\Application Data\Azureus
2008-11-13 09:04 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-08 15:56 --------- d-----w c:\program files\Azureus
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-19 04:47 --------- d-----w c:\program files\Lion King
2008-10-15 05:13 --------- d-----w c:\program files\Sun
2008-10-15 04:56 --------- d-----w c:\program files\Clever Age
2008-10-15 02:27 --------- d-----w c:\program files\Skype
2008-10-15 02:27 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-10-10 08:03 --------- d-----w c:\program files\Microsoft SQL Server
2008-10-09 18:02 --------- d-----w c:\program files\Microsoft Small Business
2008-10-09 17:33 --------- d-----w c:\program files\Microsoft.NET
2008-10-09 17:30 --------- d-----w c:\documents and settings\Alexa\Application Data\GetRightToGo
2008-01-13 03:41 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-01-11 20:32 47,360 ----a-w c:\documents and settings\Alexa\Application Data\pcouffin.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="c:\program files\AIM\aim.exe" [2006-08-01 67112]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-06 8466432]
"MskAgentexe"="c:\program files\McAfee\MSK\MskAgent.exe" [2007-01-17 152144]
"SiteAdvisor"="c:\program files\SiteAdvisor\6172\SiteAdv.exe" [2007-08-24 36640]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-02-23 278528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-10 155648]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1024000]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-31 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2008-04-04 114688]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-01-03 50688]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 237568]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-09-11 525664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
2006-11-16 15:20 73728 c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"=
"c:\\Program Files\\McAfee\\MSC\\mcuimgr.exe"=
"c:\\Program Files\\McAfee\\VirusScan\\mcvsshld.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\Source Engine\\OSE.EXE"=
"c:\\Program Files\\McAfee\\MPS\\mps.exe"=

R0 PBADRV;PBADRV;c:\windows\system32\DRIVERS\PBADRV.sys [2008-01-03 26608]
R1 DLARTL_M;DLARTL_M;c:\windows\system32\Drivers\DLARTL_M.SYS [2008-02-24 28184]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;"c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-11 30312]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe /Processid:{BDFEFE06-0F3F-44F4-984D-3BF2A1CA8D75} [2004-08-11 5120]
R2 WavxDMgr;WavxDMgr;c:\windows\system32\DRIVERS\WavxDMgr.sys [2007-09-10 161280]
R3 WaveFDE;Wave System Power Monitor Device Driver;c:\windows\system32\DRIVERS\WaveFDE.sys [2007-09-07 18176]
S2 TdmService;TdmService;c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe [2007-09-07 737280]
S2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\Drivers\ICDUSB2.sys [2008-11-24 39048]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [2008-02-26 29183504]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]
S3 SecureStorageService;SecureStorageService;"c:\program files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe" [2007-08-31 486400]
S3 VNUSB;VN Series Device;c:\windows\system32\DRIVERS\VNUSB.sys [2008-04-04 38496]
S3 WaveEnrollmentService;WaveEnrollmentService;"c:\program files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe" [2007-09-13 192512]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{482c60b4-5c9f-11dd-9329-001c2329d0bb}]
\Shell\AutoRun\command - E:\RCAMemoryMgr.exe
\Shell\Manage your videos\command - E:\RCAMemoryMgr.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5ba1016-709d-11dd-933a-001e4c4f1389}]
\Shell\Shell00\Command - E:\Start.exe
.
Contents of the 'Scheduled Tasks' folder

2008-11-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2008-12-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]
.
- - - - ORPHANS REMOVED - - - -

BHO-{6E9DE132-D80C-489B-99BA-7E8C0B30C6CA} - (no file)
HKLM-Run-DXDllRegExe - dxdllreg.exe
Notify-cbXNhIAR - cbXNhIAR.dll
Notify-ssqqnli - (no file)
Notify-wlballoon - (no file)

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.dell.com
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FireFox -: Profile - c:\documents and settings\Alexa\Application Data\Mozilla\Firefox\Profiles\lvg4l3nv.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-05 19:31:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1048)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\windows\system32\scardsvr.exe
c:\program files\Common Files\McAfee\HackerWatch\HWAPI.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\McAfee\VIRUSS~1\mcods.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\COMMON~1\McAfee\RedirSvc\RedirSvc.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\progra~1\McAfee\MPS\mps.exe
c:\program files\McAfee\MSK\msksrver.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
c:\program files\McAfee.com\Agent\mcagent.exe
c:\progra~1\McAfee\MPS\mpsevh.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\dllhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
c:\windows\system32\wbem\wmiadap.exe
.
**************************************************************************
.
Completion time: 2008-12-05 19:37:08 - machine was rebooted [Alexa]
ComboFix-quarantined-files.txt 2008-12-06 01:37:03

Pre-Run: 59,185,381,376 bytes free
Post-Run: 59,373,084,672 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

240 --- E O F --- 2008-12-01 18:15:45

Indy788 0 Newbie Poster · Answer 7 · 2008-12-06T07:33:31+00:00

Indy788 0 Newbie Poster

15 Years Ago

Okay, sounds good. Thanks for your help so far!

Indy788 0 Newbie Poster · Answer 8 · 2008-12-06T08:49:39+00:00

Well, I have not used Frostwire ever (it was actually uninstalled from my computer months ago), and the other programs you mentioned have not been used in a month or so. And yes I realize they are illegal. The virus problem started when I opened a thumbnail picture (uploaded at imagebum) that was posted at a classic movie forum.

Here's my HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:45:35 PM, on 12/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2080103
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1202861459187
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: gemsafe - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: NTRU TSS v1.2.1.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
O23 - Service: WaveEnrollmentService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 12263 bytes

jholland1964 650 Posting Expert Team Colleague Featured Poster · Answer 9 · 2008-12-06T11:04:20+00:00

Well, I have not used Frostwire ever (it was actually uninstalled from my computer months ago), and the other programs you mentioned have not been used in a month or so.

If you say so, though you might want to look at the dates in the combofix log:
((((((((((((((((((((((((( Files Created from 2008-11-06 to 2008-12-06 )))))))))))))))))))))))))))))))

2008-11-22 22:56 . 2008-11-22 22:59 <DIR> d-------- c:\documents and settings\Alexa\Application Data\FrostWire
2008-11-22 22:54 . 2008-11-22 23:00 <DIR> d-------- c:\program files\FrostWire
2008-11-21 06:33 --------- d-----w c:\program files\eMule
2008-11-14 05:27 --------- d-----w c:\documents and settings\Alexa\Application Data\Azureus
2008-11-08 15:56 --------- d-----w c:\program files\Azureus

The dates, by the way, in a combofix log are listed Year, Month, Day and the time is in military time I would guess you would say so the FrostWire would read, November 22, 2008 from 10:54 pm to 10:59 pm, eMule file was created November 21, 2008 at 6:33 am
Aszureus Nov. 8, 2008.
Better check cause it looks like the programs you say you haven't used in months have been used so somebody else must be using your computer and one that was removed months ago was created on November 22.
Anyway, the other logs look clean.
You need to remove combofix from the machine. To do so do the following:
Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there
When shown the disclaimer, Select "2"
I would advise you to keep MBA-M. As you can see it is a great program for removing quite a bit of nasty stuff. I would advise you run it at least every few days. Always update it first. This program has very regular updates, sometimes daily.
For regular scanning using the Quick Scan option is usually sufficient. If you run a Quick Scan and it seems to find a lot then update again to be sure and run the Full System Scan. Always allow it to Remove what it finds.

If you feel the system is clean you can mark this thread solved and you should also set a new, clean restore point. To do this Right Click My Computer. Choose Properties. When System Properties opens click the System Restore Tab. Place a check mark in Turn Off System Restore. You will get a warning that you are turning it off, click ok. It will then turn off. Wait a few minutes and then do the same thing only this time take that check mark OUT. System Restore will turn back on.
Judy

yollyP. 0 Light Poster · Answer 10 · 2008-12-06T18:09:36+00:00

I am not so familiar with getting rid of Trojan virus, that's why I want to ask help too. The virus was never deleted in my office computer no matter what the virus killer do- its still there. Our manager just told me to ignore it. But it keeps on appearing everytime I surf or open my documents. What shall I do?

jholland1964 650 Posting Expert Team Colleague Featured Poster · Answer 11 · 2008-12-06T21:56:29+00:00

yollyP, you need to create your OWN thread and not request help in somebody else's thread. That is the way to get proper help. It can get very confusing working with two different posters in one thread.
Please start your own and follow the instructions given HERE before you post. Follow all steps with the exception of Deckard Scanner which is not available. Instead use HiJackThis.
Make your own thread and one of us here will be most happy to assist you.
Judy

Indy788 0 Newbie Poster · Answer 12 · 2008-12-06T23:00:03+00:00

Thanks for all your help. There doesn't seem to be any problems anymore.

yollyP. 0 Light Poster · Answer 13 · 2008-12-10T13:46:34+00:00

Hello Sir:

I'm sorry for the wrong place. Anyway, thank you for informing me of where I supposed to address my problem.

Trojans keep reappearing

Recommended Answers Collapse Answers

All 18 Replies

Recommended Answers